guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

27/27: Don't let unprivileged users repair paths

From: Ludovic Courtès
Subject: 27/27: Don't let unprivileged users repair paths
Date: Wed, 03 Jun 2015 22:00:47 +0000 
civodul pushed a commit to branch nix
in repository guix.

commit e531520ddcd54903bbea0f3ce08dfbed830f40aa
Author: Eelco Dolstra <address@hidden>
Date:   Tue Jun 2 02:21:54 2015 +0200

    Don't let unprivileged users repair paths
---
 nix/nix-daemon/nix-daemon.cc |   16 +++++++++-------
 1 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 96a4e4b..2b89190 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -648,13 +648,15 @@ static void performOp(bool trusted, unsigned int 
clientVersion,
         break;
 
     case wopVerifyStore: {
-       bool checkContents = readInt(from) != 0;
-       bool repair = readInt(from) != 0;
-       startWork();
-       bool errors = store->verifyStore(checkContents, repair);
-       stopWork();
-       writeInt(errors, to);
-       break;
+        bool checkContents = readInt(from) != 0;
+        bool repair = readInt(from) != 0;
+        startWork();
+        if (repair && !trusted)
+            throw Error("you are not privileged to repair paths");
+        bool errors = store->verifyStore(checkContents, repair);
+        stopWork();
+        writeInt(errors, to);
+        break;
     }
 
     default:
reply via email to
[Prev in Thread] Current Thread [Next in Thread]