* Beginning of secure multi-user Nix stores. If Nix is started as

root (or setuid root), then builds will be performed under one of the users listed in the `build-users' configuration variables. This is to make it impossible to influence build results externally, allowing locally built derivations to be shared safely between users (see ASE-2005 paper). To do: only one builder should be active per build user.
2025-06-27 04:21:16 +02:00 · 2005-10-17 15:33:24 +00:00 · 2005-10-17 15:33:24 +00:00 · 32282abcea
commit 32282abcea
parent 15ff877438
4 changed files with 219 additions and 58 deletions
--- a/src/libmain/shared.cc
+++ b/src/libmain/shared.cc
@ -334,6 +334,11 @@ void switchToNixUser()
        exit(1);
    }

+    /* !!! for setuid operation, we should: 1) wipe the environment;
+       2) verify file descriptors 0, 1, 2; 3) etc.
+       See: http://www.daemon-systems.org/man/setuid.7.html
+    */
+
    haveSwitched = true;
    
 #endif