From d2bfe1b071d0d71bb981535a53e9c5de43aaac81 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Wed, 20 Jul 2011 12:15:40 +0000
Subject: * Added a test that make sure that users cannot register specially-crafted derivations that produce output paths belonging to other derivations. This could be used to inject malware into the store.
---
 tests/Makefile.am | 3 ++-
 tests/secure-drv-outputs.nix | 23 +++++++++++++++++++++++
 tests/secure-drv-outputs.sh | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 tests/secure-drv-outputs.nix
 create mode 100644 tests/secure-drv-outputs.sh
(limited to 'tests')
diff --git a/tests/Makefile.am b/tests/Makefile.am
index d383bce248ea..956015be99a6 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -8,7 +8,7 @@ TESTS = init.sh hash.sh lang.sh add.sh simple.sh dependencies.sh \
 referrers.sh user-envs.sh logging.sh nix-build.sh misc.sh fixed.sh \
 gc-runtime.sh install-package.sh check-refs.sh filter-source.sh \
 remote-store.sh export.sh export-graph.sh negative-caching.sh \
- binary-patching.sh timeout.sh
+ binary-patching.sh timeout.sh secure-drv-outputs.sh
 
 XFAIL_TESTS =
 
@@ -34,5 +34,6 @@ EXTRA_DIST = $(TESTS) \
 negative-caching.nix \
 binary-patching.nix \
 timeout.nix timeout.builder.sh \
+ secure-drv-outputs.nix \
 $(wildcard lang/*.nix) $(wildcard lang/*.exp) $(wildcard lang/*.exp.xml) $(wildcard lang/*.flags) \
 common.sh.in
diff --git a/tests/secure-drv-outputs.nix b/tests/secure-drv-outputs.nix
new file mode 100644
index 000000000000..da4012eb41c0
--- /dev/null
+++ b/tests/secure-drv-outputs.nix
@@ -0,0 +1,23 @@
+with import ./config.nix;
+
+{
+
+ good = mkDerivation {
+ name = "good";
+ builder = builtins.toFile "builder"
+ ''
+ mkdir $out
+ touch $out/good
+ '';
+ };
+
+ bad = mkDerivation {
+ name = "good";
+ builder = builtins.toFile "builder"
+ ''
+ mkdir $out
+ touch $out/bad
+ '';
+ };
+
+}
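Review bot: The `bad` attribute in tests/secure-drv-outputs.nix is declared with `name = "good"` and nothing says this is intentional, so a later reader will take it for a copy-paste slip and "fix" it, which would silently weaken the test. Presumably the name is reused so that the bad derivation's output path matches the good one's in everything but the hash, which is what the `sed` rewrite in secure-drv-outputs.sh relies on — confirm. A one-line comment above the attribute would settle it: `# Deliberately named "good": secure-drv-outputs.sh rewrites this derivation to claim the good derivation's output path.`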
diff --git a/tests/secure-drv-outputs.sh b/tests/secure-drv-outputs.sh
new file mode 100644
index 000000000000..25dd6bfc01fe
--- /dev/null
+++ b/tests/secure-drv-outputs.sh
@@ -0,0 +1,37 @@
+# Test that users cannot register specially-crafted derivations that
+# produce output paths belonging to other derivations. This could be
+# used to inject malware into the store.
+
+source common.sh
+
+clearStore
+clearManifests
+
+startDaemon
+
+# Determine the output path of the "good" derivation.
+goodOut=$($nixstore -q $($nixinstantiate ./secure-drv-outputs.nix -A good))
+
+# Instantiate the "bad" derivation.
+badDrv=$($nixinstantiate ./secure-drv-outputs.nix -A bad)
+badOut=$($nixstore -q $badDrv)
+
+# Rewrite the bad derivation to produce the output path of the good
+# derivation.
+rm -f $TEST_ROOT/bad.drv
+sed -e "s|$badOut|$goodOut|g" < $badDrv > $TEST_ROOT/bad.drv
+
+# Add the manipulated derivation to the store and build it. This
+# should fail.
+if badDrv2=$($nixstore --add $TEST_ROOT/bad.drv); then
+ $nixstore -r "$badDrv2"
+fi
+
+# Now build the good derivation.
+goodOut2=$($nixbuild ./secure-drv-outputs.nix -A good)
+test "$goodOut" = "$goodOut2"
+
+if ! test -e "$goodOut"/good; then
+ echo "Bad derivation stole the output path of the good derivation!"
+ exit 1
+fi
-- 
cgit 1.4.1
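Review bot: The block `if badDrv2=$($nixstore --add $TEST_ROOT/bad.drv); then $nixstore -r "$badDrv2"; fi` does not encode the expectation the comment states: a rejection at `--add` is swallowed by the `if`, but a rejection at `-r` is a bare non-zero status, and if this script runs under `set -e` (common.sh appears to supply that — confirm) a correct rejection at build time would abort the test as a failure, while a successful build of the manipulated derivation is only caught indirectly by the `test -e "$goodOut"/good` check at the end. Making the expected outcome explicit fixes both: `if $nixstore -r "$badDrv2"; then echo "the manipulated derivation was built!" >&2; exit 1; fi`. Separately, `$TEST_ROOT/bad.drv`, `< $badDrv` and the nested `$($nixinstantiate ...)` are unquoted; store paths here contain no whitespace, but quoting them costs nothing and keeps ShellCheck quiet. The whole script is within this hunk.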