about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--src/nix-daemon/nix-daemon.cc16
1 files changed, 9 insertions, 7 deletions
diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc
index b3552a972f8d..ad8b0d133d82 100644
--- a/src/nix-daemon/nix-daemon.cc
+++ b/src/nix-daemon/nix-daemon.cc
@@ -520,13 +520,15 @@ static void performOp(bool trusted, unsigned int clientVersion,
         break;
 
     case wopVerifyStore: {
-	bool checkContents = readInt(from) != 0;
-	bool repair = readInt(from) != 0;
-	startWork();
-	bool errors = store->verifyStore(checkContents, repair);
-	stopWork();
-	writeInt(errors, to);
-	break;
+        bool checkContents = readInt(from) != 0;
+        bool repair = readInt(from) != 0;
+        startWork();
+        if (repair && !trusted)
+            throw Error("you are not privileged to repair paths");
+        bool errors = store->verifyStore(checkContents, repair);
+        stopWork();
+        writeInt(errors, to);
+        break;
     }
 
     default: