daemon: Require a signature for imports made by root.

This reinstates commit aa0f8409, which was inadvertently undone in commit
322eeb87.

Running 'guix archive --import' as root would have let corrupt or unauthentic
store items through.

Reported by Eric Hanchrow <eric.hanchrow@gmail.com>
at <http://bugs.gnu.org/21354>.

* nix/nix-daemon/nix-daemon.cc (performOp) <wopImportPaths>: Pass true as the
  first argument to 'importPaths'.
Ludovic Courtès 2015-08-27 10:58:31 +02:00
parent 54e515eb75
commit ef80ca96fa

@ -440,7 +440,10 @@ static void performOp(bool trusted, unsigned int clientVersion,
case wopImportPaths: { case wopImportPaths: {
startWork(); startWork();
TunnelSource source(from); TunnelSource source(from);
Paths paths = store->importPaths(!trusted, source);
/* Unlike Nix, always require a signature, even for "trusted"
users. */
Paths paths = store->importPaths(true, source);
stopWork(); stopWork();
writeStrings(paths, to); writeStrings(paths, to);
break; break;
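
Review bot: The hard-coded `true` passed to `importPaths` in the `wopImportPaths` case has already been lost once (the commit message says aa0f8409 was inadvertently undone in 322eeb87), and nothing in this change would catch it being reverted to `!trusted` again. Consider adding a regression test that runs 'guix archive --import' as root on an unsigned or tampered archive and expects the import to be rejected. The new comment could also state that the divergence from Nix is deliberate and point to <http://bugs.gnu.org/21354>, so that a later sync with upstream code does not silently restore `!trusted`.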