* Added a test that make sure that users cannot register

specially-crafted derivations that produce output paths belonging to other derivations. This could be used to inject malware into the store.
author: Eelco Dolstra <e.dolstra@tudelft.nl> 2011-07-20T12·15+0000
committer: Eelco Dolstra <e.dolstra@tudelft.nl> 2011-07-20T12·15+0000
commit: d2bfe1b071d0d71bb981535a53e9c5de43aaac81 (patch)
tree: ebf46ffb027950c453f25588204b98b7bbc58c2b /tests/secure-drv-outputs.nix
parent: 4bdb51e621e2690e561b7581d5670af08e7b3170 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/tests/secure-drv-outputs.nix b/tests/secure-drv-outputs.nix
new file mode 100644
index 000000000000..da4012eb41c0
--- /dev/null
+++ b/tests/secure-drv-outputs.nix
@@ -0,0 +1,23 @@
+with import ./config.nix;
+
+{
+
+  good = mkDerivation {
+    name = "good";
+    builder = builtins.toFile "builder"
+      ''
+        mkdir $out
+        touch $out/good
+      '';
+  };
+
+  bad = mkDerivation {
+    name = "good";
+    builder = builtins.toFile "builder"
+      ''
+        mkdir $out
+        touch $out/bad
+      '';
+  };
+
+}
author	Eelco Dolstra <e.dolstra@tudelft.nl>	2011-07-20T12·15+0000
committer	Eelco Dolstra <e.dolstra@tudelft.nl>	2011-07-20T12·15+0000
commit	d2bfe1b071d0d71bb981535a53e9c5de43aaac81 (patch)
tree	ebf46ffb027950c453f25588204b98b7bbc58c2b /tests/secure-drv-outputs.nix
parent	4bdb51e621e2690e561b7581d5670af08e7b3170 (diff)