14/27: Set /nix/store permission to 1737

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

14/27: Set /nix/store permission to 1737

From:	Ludovic Court�s
Subject:	14/27: Set /nix/store permission to 1737
Date:	Wed, 03 Jun 2015 22:00:40 +0000

civodul pushed a commit to branch nix
in repository guix.

commit 35605c4407a677752ed51a0f829cc0f42047b115
Author: Eelco Dolstra <address@hidden>
Date:   Thu Jan 8 16:39:07 2015 +0100

    Set /nix/store permission to 1737
    
    I.e., not readable to the nixbld group. This improves purity a bit for
    non-chroot builds, because it prevents a builder from enumerating
    store paths (i.e. it can only access paths it knows about).
---
 nix/libstore/build.cc       |   17 +----------------
 nix/libstore/local-store.cc |   27 +++++++++++++++------------
 2 files changed, 16 insertions(+), 28 deletions(-)

diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index c99bbed..43a6dd8 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -1746,22 +1746,7 @@ void DerivationGoal::startBuilder()
 
         /* Change ownership of the temporary build directory. */
         if (chown(tmpDir.c_str(), buildUser.getUID(), buildUser.getGID()) == 
-1)
-            throw SysError(format("cannot change ownership of `%1%'") % 
tmpDir);
-
-        /* Check that the Nix store has the appropriate permissions,
-           i.e., owned by root and mode 1775 (sticky bit on so that
-           the builder can create its output but not mess with the
-           outputs of other processes). */
-        struct stat st;
-        if (stat(settings.nixStore.c_str(), &st) == -1)
-            throw SysError(format("cannot stat `%1%'") % settings.nixStore);
-        if (!(st.st_mode & S_ISVTX) ||
-            ((st.st_mode & S_IRWXG) != S_IRWXG) ||
-            (st.st_gid != buildUser.getGID()))
-            throw Error(format(
-                "builder does not have write permission to `%2%'; "
-                "try `chgrp %1% %2%; chmod 1775 %2%'")
-                % buildUser.getGID() % settings.nixStore);
+            throw SysError(format("cannot change ownership of '%1%'") % 
tmpDir);
     }
 
 
diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc
index 00effa0..64ed41c 100644
--- a/nix/libstore/local-store.cc
+++ b/nix/libstore/local-store.cc
@@ -251,25 +251,28 @@ LocalStore::LocalStore(bool reserveSpace)
        multi-user install. */
     if (getuid() == 0 && settings.buildUsersGroup != "") {
 
+        mode_t perm = 01737;
+
         Path perUserDir = profilesDir + "/per-user";
         createDirs(perUserDir);
-        if (chmod(perUserDir.c_str(), 01777) == -1)
-            throw SysError(format("could not set permissions on `%1%' to 
1777") % perUserDir);
+        if (chmod(perUserDir.c_str(), perm) == -1)
+            throw SysError(format("could not set permissions on '%1%' to 
1737") % perUserDir);
 
         struct group * gr = getgrnam(settings.buildUsersGroup.c_str());
         if (!gr)
             throw Error(format("the group `%1%' specified in 
`build-users-group' does not exist")
                 % settings.buildUsersGroup);
-
-        struct stat st;
-        if (stat(settings.nixStore.c_str(), &st))
-            throw SysError(format("getting attributes of path `%1%'") % 
settings.nixStore);
-
-        if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode & 
~S_IFMT) != 01775) {
-            if (chown(settings.nixStore.c_str(), 0, gr->gr_gid) == -1)
-                throw SysError(format("changing ownership of path `%1%'") % 
settings.nixStore);
-            if (chmod(settings.nixStore.c_str(), 01775) == -1)
-                throw SysError(format("changing permissions on path `%1%'") % 
settings.nixStore);
+        else {
+            struct stat st;
+            if (stat(settings.nixStore.c_str(), &st))
+                throw SysError(format("getting attributes of path '%1%'") % 
settings.nixStore);
+
+            if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode & 
~S_IFMT) != perm) {
+                if (chown(settings.nixStore.c_str(), 0, gr->gr_gid) == -1)
+                    throw SysError(format("changing ownership of path '%1%'") 
% settings.nixStore);
+                if (chmod(settings.nixStore.c_str(), perm) == -1)
+                    throw SysError(format("changing permissions on path 
'%1%'") % settings.nixStore);
+            }
         }
     }

[Prev in Thread]

Current Thread

[Next in Thread]

03/27: Remove tabs, (continued)
- 03/27: Remove tabs, Ludovic Court�s, 2015/06/03
- 07/27: Shut up a Valgrind warning, Ludovic Court�s, 2015/06/03
- 06/27: Fix some memory leaks, Ludovic Court�s, 2015/06/03
- 08/27: Silence some warnings on GCC 4.9, Ludovic Court�s, 2015/06/03
- 09/27: Better error message, Ludovic Court�s, 2015/06/03
- 10/27: Explicitly include required C headers, Ludovic Court�s, 2015/06/03
- 05/27: Ensure we're writing to stderr in the builder, Ludovic Court�s, 2015/06/03
- 12/27: libutil: Improve errmsg on readLink size mismatch., Ludovic Court�s, 2015/06/03
- 13/27: libutil: Limit readLink() error to only overflows., Ludovic Court�s, 2015/06/03
- 11/27: Pedantry, Ludovic Court�s, 2015/06/03
- 14/27: Set /nix/store permission to 1737, Ludovic Court�s <=
- 16/27: Doh^2, Ludovic Court�s, 2015/06/03
- 17/27: Simplify printHash32, Ludovic Court�s, 2015/06/03
- 18/27: Simplify parseHash32, Ludovic Court�s, 2015/06/03
- 19/27: Use pivot_root in addition to chroot when possible, Ludovic Court�s, 2015/06/03
- 15/27: Doh, Ludovic Court�s, 2015/06/03
- 22/27: Tighten permissions on chroot directories, Ludovic Court�s, 2015/06/03
- 20/27: Use chroots for all derivations, Ludovic Court�s, 2015/06/03
- 25/27: Revert /nix/store permission back to 01775, Ludovic Court�s, 2015/06/03
- 21/27: Fix typos: s/the the/the/, Ludovic Court�s, 2015/06/03
- 24/27: Chroot builds: Provide world-readable /nix/store, Ludovic Court�s, 2015/06/03

Prev by Date: 11/27: Pedantry
Next by Date: 16/27: Doh^2
Previous by thread: 11/27: Pedantry
Next by thread: 16/27: Doh^2
Index(es):
- Date
- Thread