diff options
author | Eelco Dolstra <edolstra@gmail.com> | 2019-10-09T16·01+0200 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2019-10-09T21·57+0200 |
commit | 65953789bcd73f098486b0a385b4e661c0ccda19 (patch) | |
tree | 92a0208f5a4455b89f9549b802dc0f063e64711f /src/nix-daemon | |
parent | 910b0fcc118cce3ade09f252da43fbe2436080e5 (diff) |
Remove world-writability from per-user directories
'nix-daemon' now creates subdirectories for users when they first connect. Fixes #509 (CVE-2019-17365). Should also fix #3127. (cherry picked from commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d)
Diffstat (limited to 'src/nix-daemon')
-rw-r--r-- | src/nix-daemon/nix-daemon.cc | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc index e88aaf636444..cd18489b0cdb 100644 --- a/src/nix-daemon/nix-daemon.cc +++ b/src/nix-daemon/nix-daemon.cc @@ -742,7 +742,8 @@ static void performOp(TunnelLogger * logger, ref<Store> store, } -static void processConnection(bool trusted) +static void processConnection(bool trusted, + const std::string & userName, uid_t userId) { MonitorFdHup monitor(from.fd); @@ -793,6 +794,8 @@ static void processConnection(bool trusted) params["path-info-cache-size"] = "0"; auto store = openStore(settings.storeUri, params); + store->createUser(userName, userId); + tunnelLogger->stopWork(); to.flush(); @@ -1053,7 +1056,7 @@ static void daemonLoop(char * * argv) /* Handle the connection. */ from.fd = remote.get(); to.fd = remote.get(); - processConnection(trusted); + processConnection(trusted, user, peer.uid); exit(0); }, options); @@ -1133,7 +1136,7 @@ static int _main(int argc, char * * argv) } } } else { - processConnection(true); + processConnection(true, "root", 0); } } else { daemonLoop(argv); |