author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-01-13T10·16+0100 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-01-13T10·16+0100 |
commit | 100961e370db16979267b56acf73dd4523be9cd2 | |
tree | 357607682257fb4785d1c48b28817954e4b626fa /src | |
parent | f1151a3373c1df77255cb63a01daf29fd093d690 |
Don't resolve symlinks while checking __impureHostDeps
Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix.
Diffstat (limited to 'src')
-rw-r--r-- | src/libstore/build.cc | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 2bd0d2030689..280fd6f6e821 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1784,10 +1784,13 @@ void DerivationGoal::startBuilder() for (auto & i : impurePaths) { bool found = false; - Path canonI = canonPath(i, true); + /* Note: we're not resolving symlinks here to prevent + giving a non-root user info about inaccessible + files. */ + Path canonI = canonPath(i); /* If only we had a trie to do this more efficiently :) luckily, these are generally going to be pretty small */ for (auto & a : allowedPaths) { - Path canonA = canonPath(a, true); + Path canonA = canonPath(a); if (canonI == canonA || isInDir(canonI, canonA)) { found = true; break; |
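Review bot: With `canonPath(i)` and `canonPath(a)` both no longer resolving symlinks, the `canonI == canonA || isInDir(canonI, canonA)` test in the inner loop is now purely lexical, so a path that sits under an allowed prefix but contains a symlink component is accepted without knowing where it really points. The new comment explains why resolving before the check is unsafe, but not whether anything resolves and re-checks the path once `found` is set; if that is the intent, say so in the comment, otherwise consider resolving `canonI` only after it has passed the lexical check and comparing the resolved result against the allowed prefixes again. The comment also covers only `canonI`: dropping `true` for `canonA` means an allowed prefix that is itself a symlink now matches only by its literal name, which deserves a line in the comment or the commit message.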