ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2024-11-08 16:06:16 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
guix/nix/libstore
History
Ludovic Courtès 81c580c866
daemon: Make 'profiles/per-user' non-world-writable. 
Fixes <https://bugs.gnu.org/37744>.
Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>.

Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d
by Eelco Dolstra <edolstra@gmail.com>.

* nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir'
to #o755 instead of #o1777.
(LocalStore::createUser): New function.
* nix/libstore/local-store.hh (LocalStore): Add it.
* nix/libstore/store-api.hh (StoreAPI): Add it.
* nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add
condition to handle "user-name" property and honor it.
(processConnection): Add 'userId' parameter.  Call 'store->createUser'
when userId is not -1.
* guix/profiles.scm (ensure-profile-directory): Note that this is now
handled by the daemon.
* guix/store.scm (current-user-name): New procedure.
(set-build-options): Add #:user-name parameter and pass it to the daemon.
* tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when
listening on a TCP socket.
* tests/store.scm ("profiles/per-user exists and is not writable")
("profiles/per-user/$USER exists"): New tests.
2019-10-16 22:53:40 +02:00
..
.gitignore
build.cc daemon: Strictly respect timeouts for 'guix offload'. 2019-09-28 22:56:40 +02:00
builtins.cc daemon: Run 'guix perform-download' directly. 2019-09-08 11:49:24 +02:00
builtins.hh daemon: Allow check builds of 'builtin:download' derivations. 2017-01-11 17:06:31 +01:00
derivations.cc Merge branch 'nix'. 2015-07-03 00:30:55 +02:00
derivations.hh Merge branch 'nix'. 2015-07-03 00:30:55 +02:00
gc.cc daemon: Remove traces of 'NIX_ROOT_FINDER'. 2019-10-16 22:53:40 +02:00
globals.cc daemon: Remove 'NIX_LIBEXEC_DIR'. 2019-09-08 11:49:24 +02:00
globals.hh daemon: Remove 'NIX_LIBEXEC_DIR'. 2019-09-08 11:49:24 +02:00
local-store.cc daemon: Make 'profiles/per-user' non-world-writable. 2019-10-16 22:53:40 +02:00
local-store.hh daemon: Make 'profiles/per-user' non-world-writable. 2019-10-16 22:53:40 +02:00
misc.cc daemon: Remove dead code. 2018-03-30 23:42:07 +02:00
misc.hh daemon: Remove dead code. 2018-03-30 23:42:07 +02:00
optimise-store.cc Remove traces of "GuixSD". 2019-03-13 23:12:43 +01:00
pathlocks.cc daemon: ~PathLocks(): Handle exceptions. 2016-05-31 14:25:28 +02:00
pathlocks.hh
references.cc
references.hh
sqlite.cc daemon: Improve the SQLite wrapper API. 2016-10-28 22:30:17 +02:00
sqlite.hh daemon: Improve the SQLite wrapper API. 2016-10-28 22:30:17 +02:00
store-api.cc daemon: Replace "illegal" by "invalid" in error messages. 2019-06-13 00:44:01 +02:00
store-api.hh daemon: Make 'profiles/per-user' non-world-writable. 2019-10-16 22:53:40 +02:00
worker-protocol.hh daemon: Support multiplexed build output. 2018-10-15 22:40:35 +02:00