From 3a4623afbbc1bff85bde33167d36e8c5a4a3df0d Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Thu, 26 Jul 2012 15:04:40 -0400
Subject: Set permissions on temporary build directories to 0700

Fixes #39.
---
 src/libstore/build.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/libstore/build.cc')

diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index a3bde3462364..290635695e05 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1527,7 +1527,7 @@ void DerivationGoal::startBuilder()
 
     /* Create a temporary directory where the build will take
        place. */
-    tmpDir = createTempDir("", "nix-build-" + baseNameOf(drvPath), false, false);
+    tmpDir = createTempDir("", "nix-build-" + baseNameOf(drvPath), false, false, 0700);
 
     /* For convenience, set an environment pointing to the top build
        directory. */
@@ -2178,6 +2178,7 @@ void DerivationGoal::deleteTmpDir(bool force)
                 % drvPath % tmpDir);
             if (buildUser.enabled() && !amPrivileged())
                 getOwnership(tmpDir);
+            chmod(tmpDir.c_str(), 0755);
         }
         else
             deletePathWrapped(tmpDir);
-- 
cgit 1.4.1