5526a282b5
It turns out that in multi-user Nix, a builder may be able to do
ln /etc/shadow $out/foo
Afterwards, canonicalisePathMetaData() will be applied to $out/foo,
causing /etc/shadow's mode to be set to 444 (readable by everybody but
writable by nobody). That's obviously Very Bad.
Fortunately, this fails in NixOS's default configuration because
/nix/store is a bind mount, so "ln" will fail with "Invalid
cross-device link". It also fails if hard-link restrictions are
enabled, so a workaround is:
echo 1 > /proc/sys/fs/protected_hardlinks
The solution is to check that all files in $out are owned by the build
user. This means that innocuous operations like "ln
${pkgs.foo}/some-file $out/" are now rejected, but that already failed
in chroot builds anyway.
|
||
|---|---|---|
| corepkgs | ||
| doc | ||
| misc | ||
| perl | ||
| scripts | ||
| src | ||
| tests | ||
| .gitignore | ||
| AUTHORS | ||
| COPYING | ||
| INSTALL | ||
| Makefile.am | ||
| README | ||
| bootstrap.sh | ||
| build.nix | ||
| configure.ac | ||
| nix.spec.in | ||
| release.nix | ||
| substitute.mk | ||
| version | ||
README
Nix is a purely functional package manager. For installation and usage instructions, please read the manual, which can be found in `docs/manual/manual.html', and additionally at the Nix website at <http://nixos.org/>. Acknowledgments This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/).