TakeV
/
guix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't let unprivileged users repair paths

This commit is contained in:
Eelco Dolstra 2015-06-02 02:21:54 +02:00 committed by Ludovic Courtès
parent 715478fe09
commit e531520ddc
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nix/nix-daemon/nix-daemon.cc
View File

@ -648,13 +648,15 @@ static void performOp(bool trusted, unsigned int clientVersion,
break;
case wopVerifyStore: {
bool checkContents = readInt(from) != 0;
bool repair = readInt(from) != 0;
startWork();
bool errors = store->verifyStore(checkContents, repair);
stopWork();
writeInt(errors, to);
break;
bool checkContents = readInt(from) != 0;
bool repair = readInt(from) != 0;
startWork();
if (repair && !trusted)
throw Error("you are not privileged to repair paths");
bool errors = store->verifyStore(checkContents, repair);
stopWork();
writeInt(errors, to);
break;
}
default: