From 65953789bcd73f098486b0a385b4e661c0ccda19 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Wed, 9 Oct 2019 18:01:21 +0200
Subject: Remove world-writability from per-user directories

'nix-daemon' now creates subdirectories for users when they first
connect.

Fixes #509 (CVE-2019-17365).
Should also fix #3127.

(cherry picked from commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d)
---
 scripts/nix-profile.sh.in | 14 --------------
 1 file changed, 14 deletions(-)

(limited to 'scripts/nix-profile.sh.in')

diff --git a/scripts/nix-profile.sh.in b/scripts/nix-profile.sh.in
index 85f1d6e5dae2..7f9b5877a8dd 100644
--- a/scripts/nix-profile.sh.in
+++ b/scripts/nix-profile.sh.in
@@ -9,12 +9,6 @@ if [ -n "$HOME" ] && [ -n "$USER" ]; then
 
     NIX_USER_PROFILE_DIR=@localstatedir@/nix/profiles/per-user/$USER
 
-    mkdir -m 0755 -p "$NIX_USER_PROFILE_DIR"
-
-    if [ "$(stat --printf '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)" ]; then
-        echo "Nix: WARNING: bad ownership on "$NIX_USER_PROFILE_DIR", should be $(id -u)" >&2
-    fi
-
     if [ -w "$HOME" ]; then
         if ! [ -L "$NIX_LINK" ]; then
             echo "Nix: creating $NIX_LINK" >&2
@@ -33,14 +27,6 @@ if [ -n "$HOME" ] && [ -n "$USER" ]; then
             echo "https://nixos.org/channels/nixpkgs-unstable nixpkgs" > "$HOME/.nix-channels"
         fi
 
-        # Create the per-user garbage collector roots directory.
-        __user_gcroots=@localstatedir@/nix/gcroots/per-user/"$USER"
-        mkdir -m 0755 -p "$__user_gcroots"
-        if [ "$(stat --printf '%u' "$__user_gcroots")" != "$(id -u)" ]; then
-            echo "Nix: WARNING: bad ownership on $__user_gcroots, should be $(id -u)" >&2
-        fi
-        unset __user_gcroots
-
         # Set up a default Nix expression from which to install stuff.
         __nix_defexpr="$HOME"/.nix-defexpr
         [ -L "$__nix_defexpr" ] && rm -f "$__nix_defexpr"
-- 
cgit 1.4.1