Diffstat (limited to 'src/libutil')
-rw-r--r--src/libutil/util.cc16
-rw-r--r--src/libutil/util.hh4
2 files changed, 20 insertions, 0 deletions
diff --git a/src/libutil/util.cc b/src/libutil/util.cc
index b152dc8f4b0b..fb6411408d08 100644
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@@ -17,6 +17,9 @@
 #include "util.hh"
 
 
+extern char * * environ;
+
+
 namespace nix {
 
 
@@ -818,6 +821,19 @@ void quickExit(int status)
 }
 
 
+void setuidCleanup()
+{
+    /* Don't trust the environment. */
+    environ = 0;
+
+    /* Make sure that file descriptors 0, 1, 2 are open. */
+    for (int fd = 0; fd <= 2; ++fd) {
+        struct stat st;
+        if (fstat(fd, &st) == -1) abort();
+    }
+}
+
+
 //////////////////////////////////////////////////////////////////////
 
 
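Review bot: `environ = 0;` in setuidCleanup() leaves the process with a null environment pointer, and POSIX does not specify that later getenv()/setenv()/exec calls tolerate that; whether every libc this builds against does cannot be seen from the hunk. Pointing it at an empty, terminated array has the same effect without that dependency: `static char * emptyEnv[] = { 0 }; environ = emptyEnv;`. The descriptor loop aborts when 0, 1 or 2 is closed rather than opening anything, so its comment would be more accurate as `/* Abort unless file descriptors 0, 1, 2 are open, so a later open() cannot land on one of them. */`. The util.hh comment's "sanitize file handles 0, 1 and 2" could state the same abort behaviour, and that the call has to come before anything reads the environment.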
diff --git a/src/libutil/util.hh b/src/libutil/util.hh
index b850ee798c7c..8f79ec9be2c1 100644
--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@@ -237,6 +237,10 @@ string runProgram(Path program);
    Cygwin, _exit() doesn't seem to do the right thing.) */
 void quickExit(int status);
 
+/* Common initialisation for setuid programs: clear the environment,
+   sanitize file handles 0, 1 and 2. */
+void setuidCleanup();
+
 
 /* User interruption. */