wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-07 06:01:48 +02:00
Code Activity

libstore: ensure that temporary directory is always 0o000 before deletion

Browse source 
In the case the deletion fails, we should ensure that the temporary
directory cannot be used for nefarious purposes.

Change-Id: I498a2dd0999a74195d13642f44a5de1e69d46120
Signed-off-by: Raito Bezarius <raito@lix.systems>
This commit is contained in:
Raito Bezarius 2025-03-27 12:22:26 +01:00 committed by Jörg Thalheim
parent 5ec047f348
commit 4ea4813753
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/libstore/unix/build/derivation-builder.cc
View file

@ -2093,6 +2093,15 @@ void DerivationBuilderImpl::checkOutputs(const std::map<std::string, ValidPathIn
void DerivationBuilderImpl::deleteTmpDir(bool force) void DerivationBuilderImpl::deleteTmpDir(bool force)
{ {
if (topTmpDir != "") { if (topTmpDir != "") {
/* As an extra caution, even in the event of `deletePath` failing to
* cleaning up behind. The `tmpDir` will be chown as if we were to move
* it inside the Nix store.
*
* This hardens against an attack which smuggles a file descriptor
* to make use of the temporary directory.
*/
chmod(topTmpDir.c_str(), 0000);
/* Don't keep temporary directories for builtins because they /* Don't keep temporary directories for builtins because they
might have privileged stuff (like a copy of netrc). */ might have privileged stuff (like a copy of netrc). */
if (settings.keepFailed && !force && !drv.isBuiltin()) { if (settings.keepFailed && !force && !drv.isBuiltin()) {