wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-06-24 22:11:15 +02:00
Code Activity

Remove world-writability from per-user directories

Browse source 
'nix-daemon' now creates subdirectories for users when they first
connect.

Fixes #509 (CVE-2019-17365).
Should also fix #3127.
This commit is contained in:
Eelco Dolstra 2019-10-09 18:01:21 +02:00
parent 4331eeb13d
commit 5a303093dc
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
11 changed files with 41 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

14
scripts/nix-profile.sh.in
View file

@ -9,12 +9,6 @@ if [ -n "$HOME" ] && [ -n "$USER" ]; then
NIX_USER_PROFILE_DIR=@localstatedir@/nix/profiles/per-user/$USER
mkdir -m 0755 -p "$NIX_USER_PROFILE_DIR"
if [ "$(stat --printf '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)" ]; then
echo "Nix: WARNING: bad ownership on "$NIX_USER_PROFILE_DIR", should be $(id -u)" >&2
fi
if [ -w "$HOME" ]; then
if ! [ -L "$NIX_LINK" ]; then
echo "Nix: creating $NIX_LINK" >&2
@ -33,14 +27,6 @@ if [ -n "$HOME" ] && [ -n "$USER" ]; then
echo "https://nixos.org/channels/nixpkgs-unstable nixpkgs" > "$HOME/.nix-channels"
fi
# Create the per-user garbage collector roots directory.
__user_gcroots=@localstatedir@/nix/gcroots/per-user/"$USER"
mkdir -m 0755 -p "$__user_gcroots"
if [ "$(stat --printf '%u' "$__user_gcroots")" != "$(id -u)" ]; then
echo "Nix: WARNING: bad ownership on $__user_gcroots, should be $(id -u)" >&2
fi
unset __user_gcroots
# Set up a default Nix expression from which to install stuff.
__nix_defexpr="$HOME"/.nix-defexpr
[ -L "$__nix_defexpr" ] && rm -f "$__nix_defexpr"