From 35605c4407a677752ed51a0f829cc0f42047b115 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Thu, 8 Jan 2015 16:39:07 +0100
Subject: [PATCH] Set /nix/store permission to 1737
I.e., not readable to the nixbld group. This improves purity a bit for non-chroot builds, because it prevents a builder from enumerating store paths (i.e. it can only access paths it knows about).
---
 nix/libstore/build.cc | 17 +----------------
 nix/libstore/local-store.cc | 25 ++++++++++++++-----------
 2 files changed, 15 insertions(+), 27 deletions(-)
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index c99bbed361..43a6dd8b46 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -1746,22 +1746,7 @@ void DerivationGoal::startBuilder()
 /* Change ownership of the temporary build directory. */
 if (chown(tmpDir.c_str(), buildUser.getUID(), buildUser.getGID()) == -1)
- throw SysError(format("cannot change ownership of `%1%'") % tmpDir);
-
- /* Check that the Nix store has the appropriate permissions,
- i.e., owned by root and mode 1775 (sticky bit on so that
- the builder can create its output but not mess with the
- outputs of other processes). */
- struct stat st;
- if (stat(settings.nixStore.c_str(), &st) == -1)
- throw SysError(format("cannot stat `%1%'") % settings.nixStore);
- if (!(st.st_mode & S_ISVTX) ||
- ((st.st_mode & S_IRWXG) != S_IRWXG) ||
- (st.st_gid != buildUser.getGID()))
- throw Error(format(
- "builder does not have write permission to `%2%'; "
- "try `chgrp %1% %2%; chmod 1775 %2%'")
- % buildUser.getGID() % settings.nixStore);
+ throw SysError(format("cannot change ownership of '%1%'") % tmpDir);
 }
diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc
index 00effa0793..64ed41cc86 100644
--- a/nix/libstore/local-store.cc
+++ b/nix/libstore/local-store.cc
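Review bot: With the stat/mode check removed from startBuilder, nothing at build time verifies that the store still carries the group-writable, sticky mode the builder relies on; the check now exists only in LocalStore's constructor, so a store whose mode is altered after the daemon starts will presumably surface later as an opaque permission error instead of the removed "builder does not have write permission" diagnostic. The removed comment was also the only place that explained why the sticky bit matters (builders may create their output but not touch other processes' outputs), and that rationale is not carried over. Consider leaving a pointer where the check used to be, e.g. `/* Store ownership and mode are enforced by LocalStore's constructor when build users are enabled; see local-store.cc. */`. startBuilder begins before this hunk and its body continues past it.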
@@ -251,25 +251,28 @@ LocalStore::LocalStore(bool reserveSpace)
 multi-user install. */
 if (getuid() == 0 && settings.buildUsersGroup != "") {
+ mode_t perm = 01737;
+
 Path perUserDir = profilesDir + "/per-user";
 createDirs(perUserDir);
- if (chmod(perUserDir.c_str(), 01777) == -1)
- throw SysError(format("could not set permissions on `%1%' to 1777") % perUserDir);
+ if (chmod(perUserDir.c_str(), perm) == -1)
+ throw SysError(format("could not set permissions on '%1%' to 1737") % perUserDir);
 struct group * gr = getgrnam(settings.buildUsersGroup.c_str());
 if (!gr)
 throw Error(format("the group `%1%' specified in `build-users-group' does not exist") % settings.buildUsersGroup);
+ else {
+ struct stat st;
+ if (stat(settings.nixStore.c_str(), &st))
+ throw SysError(format("getting attributes of path '%1%'") % settings.nixStore);
- struct stat st;
- if (stat(settings.nixStore.c_str(), &st))
- throw SysError(format("getting attributes of path `%1%'") % settings.nixStore);
-
- if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode & ~S_IFMT) != 01775) {
- if (chown(settings.nixStore.c_str(), 0, gr->gr_gid) == -1)
- throw SysError(format("changing ownership of path `%1%'") % settings.nixStore);
- if (chmod(settings.nixStore.c_str(), 01775) == -1)
- throw SysError(format("changing permissions on path `%1%'") % settings.nixStore);
+ if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode & ~S_IFMT) != perm) {
+ if (chown(settings.nixStore.c_str(), 0, gr->gr_gid) == -1)
+ throw SysError(format("changing ownership of path '%1%'") % settings.nixStore);
+ if (chmod(settings.nixStore.c_str(), perm) == -1)
+ throw SysError(format("changing permissions on path '%1%'") % settings.nixStore);
+ }
 }
 }
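Review bot: The shared `perm` constant also changes the per-user profiles directory from 1777 to 1737, which the commit message (it speaks only of /nix/store) does not mention; if dropping group read on `per-user` is intended, a comment should say so, otherwise perUserDir should keep its own mode. `01737` is now a bare number since the rationale comment in build.cc is gone; suggest `mode_t perm = 01737; /* sticky; root and world rwx, build-users group only -wx: a builder can create its output but cannot list the store */`. The literal "1737" in the perUserDir error string duplicates `perm` and will silently go stale if the constant changes. The `else {` following an unconditional `throw` is redundant and only adds an indentation level to the store check.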