guix/nix
Ludovic Courtès ec7fb66994
daemon: Prevent privilege escalation with '--keep-failed' [security].
Fixes <https://bugs.gnu.org/47229>.
Reported by Nathan Nye of WhiteBeam Security.

* nix/libstore/build.cc (DerivationGoal::startBuilder): When 'useChroot'
is true, add "/top" to 'tmpDir'.
(DerivationGoal::deleteTmpDir): Adjust accordingly.  When
'settings.keepFailed' is true, chown in two steps: first the "/top"
sub-directory, and then rename "/top" to its parent.
2021-03-18 12:18:56 +01:00
boost nix: Tweak .gitignore files. 2020-06-24 19:55:22 +01:00
libstore daemon: Prevent privilege escalation with '--keep-failed' [security]. 2021-03-18 12:18:56 +01:00
libutil daemon: 'Agent' constructor takes a list of environment variables. 2020-12-08 22:30:07 +01:00
nix-daemon daemon: Correctly handle '--discover' with no value. 2021-03-17 12:03:23 +01:00
.gitignore build: Include a copy of Nix's libstore and daemon; build it. 2012-12-03 23:05:08 +01:00
AUTHORS Merge branch 'nix' into 'master'. 2014-12-19 22:47:37 +01:00
COPYING Merge branch 'nix' into 'master'. 2014-12-19 22:47:37 +01:00
local.mk maint: Add 'etc/gnu-store.mount.in' to the distribution. 2020-10-27 18:00:29 +01:00