From 32282abceaebbe574fa83c074aa8dbff19f937bb Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Mon, 17 Oct 2005 15:33:24 +0000
Subject: * Beginning of secure multi-user Nix stores. If Nix is started as root (or setuid root), then builds will be performed under one of the users listed in the `build-users' configuration variables. This is to make it impossible to influence build results externally, allowing locally built derivations to be shared safely between users (see ASE-2005 paper). To do: only one builder should be active per build user.
---
 src/libmain/shared.cc | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'src/libmain')
diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc
index 0a6ebcd5c225..bc7b2dd51fef 100644
--- a/src/libmain/shared.cc
+++ b/src/libmain/shared.cc
@@ -334,6 +334,11 @@ void switchToNixUser()
 exit(1);
 }
+ /* !!! for setuid operation, we should: 1) wipe the environment;
+ 2) verify file descriptors 0, 1, 2; 3) etc.
+ See: http://www.daemon-systems.org/man/setuid.7.html
+ */
+ haveSwitched = true;
 #endif
-- cgit 1.4.1
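Review bot: The comment added in switchToNixUser() lists setuid hardening that is still missing, yet the statement right after it, `haveSwitched = true;`, is reached regardless, so by the comment's own account a setuid-root install would carry on with the invoking user's environment and unverified descriptors 0-2. Until that work lands, the comment should state that setuid installation is not yet safe, and the open-ended `3) etc.` should be replaced with the concrete remaining items so the list can be audited, for example `/* FIXME: setuid operation is not safe yet: wipe the environment, verify fds 0-2 are open, clear supplementary groups, confirm the uid drop cannot be reverted. */`. Whether group handling or an irreversibility check already happens earlier cannot be seen here, because switchToNixUser() starts and ends outside the hunk.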