From 1a8e15053a6611963042306d4d3b0d5b89629eb1 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 11 May 2017 13:58:09 +0200 Subject: Don't allow untrusted users to set info.ultimate Note that a trusted signature was still required in this case so it was not a huge deal. --- src/nix-daemon/nix-daemon.cc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc index 1b90fad165af..d2bb7b8c88b5 100644 --- a/src/nix-daemon/nix-daemon.cc +++ b/src/nix-daemon/nix-daemon.cc @@ -621,6 +621,8 @@ static void performOp(ref store, bool trusted, unsigned int clientVe from >> info.ca >> repair >> dontCheckSigs; if (!trusted && dontCheckSigs) dontCheckSigs = false; + if (!trusted) + info.ultimate = false; TeeSink tee(from); parseDump(tee, tee.source); -- cgit 1.4.1