22/27: Tighten permissions on chroot directories
From: Ludovic Courtès
Subject: 22/27: Tighten permissions on chroot directories
Date: Wed, 03 Jun 2015 22:00:45 +0000
civodul pushed a commit to branch nix
in repository guix.
commit 1f595ba474d8112e73df1ef7578014e59ebfccd0
Author: Eelco Dolstra <address@hidden>
Date: Tue Mar 24 11:35:53 2015 +0100
Tighten permissions on chroot directories
---
nix/libstore/build.cc | 14 ++++++++++++--
1 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index 7153c85..9a69a79 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -1768,6 +1768,12 @@ void DerivationGoal::startBuilder()
printMsg(lvlChatty, format("setting up chroot environment in `%1%'") %
chrootRootDir);
+ if (mkdir(chrootRootDir.c_str(), 0750) == -1)
+ throw SysError(format("cannot create ‘%1%’") % chrootRootDir);
+
+ if (chown(chrootRootDir.c_str(), 0, buildUser.getGID()) == -1)
+ throw SysError(format("cannot change ownership of ‘%1%’") %
chrootRootDir);
+
/* Create a writable /tmp in the chroot. Many builders need
this. (Of course they should really respect $TMPDIR
instead.) */
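Review bot: the new mkdir() on chrootRootDir fails with EEXIST when a directory of that name is left over from an earlier or interrupted build, and the throw then aborts this build rather than reusing or replacing the stale directory; either make sure the leftover is removed before this point or treat EEXIST as non-fatal when the existing directory already has the expected owner and mode. The 0750 plus root:buildgroup combination itself is sound: the build user can traverse the chroot root but not create entries in it, and because chown() runs after mkdir() the only transient state is a root-owned 0750 directory, which is stricter rather than looser.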
@@ -1818,8 +1824,12 @@ void DerivationGoal::startBuilder()
can be bind-mounted). !!! As an extra security
precaution, make the fake Nix store only writable by the
build user. */
- createDirs(chrootRootDir + settings.nixStore);
- chmod_(chrootRootDir + settings.nixStore, 01777);
+ Path chrootStoreDir = chrootRootDir + settings.nixStore;
+ createDirs(chrootStoreDir);
+ chmod_(chrootStoreDir, 0730);
+
+ if (chown(chrootStoreDir.c_str(), 0, buildUser.getGID()) == -1)
+ throw SysError(format("cannot change ownership of ‘%1%’") %
chrootStoreDir);
foreach (PathSet::iterator, i, inputPaths) {
struct stat st;
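Review bot: mode 0730 on chrootStoreDir removes read permission for the build group, so the builder can create entries in the fake store but cannot list it (readdir() on /nix/store inside the chroot will fail with EACCES); if any builder needs to enumerate the store directory, this mode breaks it, and 0770 would keep the "only writable by the build user" intent while allowing reads. Two smaller points in the same hunk: the sticky bit from the previous 01777 is dropped, which is fine only because each chroot serves a single build, and the comment above still says "only writable by the build user" while the code grants write access to the whole build group via buildUser.getGID(), so the comment should say group. Also note that createDirs() creates any intermediate components of settings.nixStore with default permissions; only the leaf directory receives the chmod_() and chown().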