From 0ca95022648b6843b2125cafe5ef5ff68cba2cf7 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Tue, 6 Jun 2017 18:52:15 +0200
Subject: [PATCH] Disable the build user mechanism on all platforms except Linux and OS X

(cherry picked from commit c8cc50d46e78de7ae02c2cb7a5159e995c993f61)
---
 src/libstore/build.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index fb218f3cf..b32a3d3a2 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1895,7 +1895,13 @@ void DerivationGoal::startBuilder()
 /* If `build-users-group' is not empty, then we have to build as
 one of the members of that group. */
 if (settings.buildUsersGroup != "") {
+#if defined(__linux__) || defined(__APPLE__)
 buildUser.acquire();
+#else
+ /* Don't know how to block the creation of setuid/setgid
+ binaries on this platform. */
+ throw Error("build users are not supported on this platform for security reasons");
+#endif
 assert(buildUser.getUID() != 0);
 assert(buildUser.getGID() != 0);
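Review bot: The new `throw Error(...)` in the `#else` branch says only that build users are refused "for security reasons"; it names neither the setting that triggered it nor the gap described in the comment above it. I would put both in the message, e.g. `throw Error("build users (build-users-group) are not supported on this platform: cannot block creation of setuid/setgid binaries");`, so the failure can be acted on from a single log line. Failing closed behind an allowlist of `__linux__`/`__APPLE__` is the right default, but the comment should also say where the Linux and OS X mitigation lives, so that a platform is added to the `#if` only once it has an equivalent. Presumably the remaining way to build elsewhere is an empty `build-users-group`, i.e. without a dedicated build user; that trade-off is not visible in this hunk and deserves a sentence in the comment or the manual. The body of `DerivationGoal::startBuilder()` starts and ends outside the hunk.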