about summary refs log tree commit diff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2015-02-16 Use pivot_root in addition to chroot when possibleHarald van Dijk1-7/+28
chroot only changes the process root directory, not the mount namespace root directory, and it is well-known that any process with chroot capability can break out of a chroot "jail". By using pivot_root as well, and unmounting the original mount namespace root directory, breaking out becomes impossible. Non-root processes typically have no ability to use chroot() anyway, but they can gain that capability through the use of clone() or unshare(). For security reasons, these syscalls are limited in functionality when used inside a normal chroot environment. Using pivot_root() this way does allow those syscalls to be put to their full use.
2015-02-10 Make libsodium an optional dependencyEelco Dolstra1-0/+6
2015-02-10 Add base64 encoder/decoderEelco Dolstra3-8/+66
2015-02-05 Remove tabEelco Dolstra1-1/+1
2015-02-04 Require linux 3.13 or later for chrootShea Levy1-1/+6
Fixes #453
2015-02-04 Use libsodium instead of OpenSSL for binary cache signingEelco Dolstra4-10/+53
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key.
2015-02-03 Simplify parseHash32Eelco Dolstra1-37/+10
2015-02-03 Simplify printHash32Eelco Dolstra1-35/+17
2015-01-29 Merge remote-tracking branch 'shlevy/baseNameOf-no-copy'Shea Levy1-1/+1
baseNameOf: Don't copy paths to the store first
2015-01-18 Make inputs writeable in the sandbox (builds still can’t actually write ↵Daniel Peebles1-2/+7
due to user permissions)
2015-01-15 Fix assertion failure in nix-envEelco Dolstra2-4/+8
$ nix-env -f ~/Dev/nixops/ -iA foo nix-env: src/libexpr/eval.hh:57: void nix::Bindings::push_back(const nix::Attr&): Assertion `size_ < capacity' failed. Aborted
2015-01-13 Allow using /bin and /usr/bin as impure prefixes on non-darwin by defaultShea Levy1-1/+1
These directories are generally world-readable anyway, and give us the two most common linux impurities (env and sh)
2015-01-13 SysError -> ErrorEelco Dolstra1-1/+1
2015-01-13 Don't resolve symlinks while checking __impureHostDepsEelco Dolstra1-2/+5
Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix.
2015-01-12 Add basic Apple sandbox supportDaniel Peebles1-17/+169
2015-01-09 Fix builtins.readDir on XFSEelco Dolstra1-1/+1
The DT_UNKNOWN fallback code was getting the type of the wrong path, causing readDir to report "directory" as the type of every file. Reported by deepfire on IRC.
2015-01-08 Doh^2Eelco Dolstra1-1/+1
2015-01-08 DohEelco Dolstra1-3/+3
2015-01-08 Set /nix/store permission to 1737Eelco Dolstra2-19/+6
I.e., not readable to the nixbld group. This improves purity a bit for non-chroot builds, because it prevents a builder from enumerating store paths (i.e. it can only access paths it knows about).
2015-01-07 Show position info for failing <...> lookupsEelco Dolstra3-4/+8
2015-01-07 Remove quotes around filenames in position infoEelco Dolstra1-1/+1
2015-01-06 Fix building on DarwinEelco Dolstra1-1/+4
Fixes #433.
2015-01-02 Allow $NIX_PAGER to override $PAGEREelco Dolstra1-4/+5
2015-01-02 libutil: Limit readLink() error to only overflows.aszlig1-2/+2
Let's not just improve the error message itself, but also the behaviour to actually work around the ntfs-3g symlink bug. If the readlink() call returns a smaller size than the stat() call, this really isn't a problem even if the symlink target really has changed between the calls. So if stat() reports the size for the absolute path, it's most likely that the relative path is smaller and thus it should also work for file system bugs as mentioned in 93002d69fc58c2b71e2dfad202139230c630c53a. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com>
2015-01-02 libutil: Improve errmsg on readLink size mismatch.aszlig1-1/+5
A message like "error: reading symbolic link `...' : Success" really is quite confusing, so let's not indicate "success" but rather point out the real issue. We could also limit the check of this to just check for non-negative values, but this would introduce a race condition between stat() and readlink() if the link target changes between those two calls, thus leading to a buffer overflow vulnerability. Reported by @Ericson2314 on IRC. Happened due to a possible ntfs-3g bug where a relative symlink returned the absolute path (st_)size in stat() while readlink() returned the relative size. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com>
2014-12-29 LocalStore initialization: Don't die if build-users-group doesn't existShea Levy1-11/+12
See NixOS/nixpkgs@9245516
2014-12-23 Revive running builds in a PID namespaceEelco Dolstra1-30/+59
2014-12-14 PedantryEelco Dolstra5-8/+4
2014-12-14 Merge branch 'cygwin-master' of https://github.com/ternaris/nixEelco Dolstra5-0/+5
2014-12-13 Better error messageEelco Dolstra1-1/+1
2014-12-12 Silence some warnings on GCC 4.9Eelco Dolstra4-7/+12
2014-12-12 Shut up a Valgrind warningEelco Dolstra1-1/+1
2014-12-12 Fix some memory leaksEelco Dolstra3-35/+27
2014-12-12 Ensure we're writing to stderr in the builderEelco Dolstra6-19/+21
http://hydra.nixos.org/build/17862041
2014-12-12 Don't abort if we get a signal while waiting for the pagerEelco Dolstra1-4/+8
2014-12-12 Get rid of unnecessary "interrupted by the user" message with -vvvEelco Dolstra1-0/+2
2014-12-12 Remove chatty messageEelco Dolstra1-2/+0
This broke building with "-vv", because the builder is not allowed to write to stderr at this point.
2014-12-12 DohEelco Dolstra2-3/+3
2014-12-12 Remove tabsEelco Dolstra1-5/+5
2014-12-12 Remove dead codeEelco Dolstra1-9/+0
2014-12-12 Remove canary stuffEelco Dolstra4-58/+0
2014-12-10 Provide default pagersEelco Dolstra1-3/+8
Borrowed from systemd.
2014-12-10 Don't do vfork in conjunction with setuidEelco Dolstra2-0/+5
2014-12-10 Use vforkEelco Dolstra3-11/+39
2014-12-10 Rename functionEelco Dolstra1-4/+4
2014-12-10 Don't wait for PID -1Eelco Dolstra1-1/+2
The pid field can be -1 if forking the substituter process failed.
2014-12-10 Revert "Use posix_spawn to run the pager"Eelco Dolstra3-39/+10
This reverts commit d34d2b2bbf784c0bb420a50905af25e02c6e4989.
2014-12-10 builtins.readFile: realise context associated with the pathShea Levy1-2/+6
2014-12-09 Explicitly include required C headersMarko Durkovic5-0/+5
2014-12-05 Define ‘environ’Eelco Dolstra1-0/+2
http://hydra.nixos.org/build/17690555