Obfuscate memory roots for non-root users

author: Guillaume Maudoux <guillaume.maudoux@uclouvain.be> 2019-02-28T22·26+0100
committer: Guillaume Maudoux <layus.on@gmail.com> 2019-03-09T23·56+0100
commit: a17f86ce3a67dd2dab2329d7262bc4ad4e7c37ff (patch)
tree: 4507f21b74cbd5bb3649be5ca419a2d30aa8beb0 /src/nix-daemon
parent: 43331d634498154f6a1835c8c417dd07eaefd45d (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc
index 8368c3266142..faa23b268628 100644
--- a/src/nix-daemon/nix-daemon.cc
+++ b/src/nix-daemon/nix-daemon.cc
@@ -478,8 +478,15 @@ static void performOp(TunnelLogger * logger, ref<Store> store,
         Roots roots = store->findRoots();
         logger->stopWork();
         to << roots.size();
-        for (auto & i : roots)
-            to << i.first << i.second;
+        int n = 0;
+        for (auto & i : roots) {
+            // Obfuscate 'memory' roots as they exposes information about other users,
+            if (i.first.rfind("{memory:", 0) == 0) {
+               to << fmt("{memory:%d}", n++) << i.second;
+            } else {
+               to << i.first << i.second;
+            }
+        }
         break;
     }
author	Guillaume Maudoux <guillaume.maudoux@uclouvain.be>	2019-02-28T22·26+0100
committer	Guillaume Maudoux <layus.on@gmail.com>	2019-03-09T23·56+0100
commit	a17f86ce3a67dd2dab2329d7262bc4ad4e7c37ff (patch)
tree	4507f21b74cbd5bb3649be5ca419a2d30aa8beb0 /src/nix-daemon
parent	43331d634498154f6a1835c8c417dd07eaefd45d (diff)