path: root/nix/libstore/pathlocks.hh
author Reepca Russelstein <reepca@russelstein.xyz> 2024-10-20 15:36:06 -0500
committer Ludovic Courtès <ludo@gnu.org> 2024-10-21 00:09:10 +0200
commit 558224140dab669cabdaebabff18504a066c48d4
tree e5bae2ebffdbbc33695f09917b13f6aebc1cdbe4 /nix/libstore/pathlocks.hh
parent 92910f5413fd9112c0502138eed5fff758c5de65
daemon: Sanitize failed build outputs prior to exposing them.
The only thing keeping a rogue builder and a local user from collaborating to usurp control over the builder's user during the build is the fact that whatever files the builder may produce are not accessible to any other users yet. If we're going to make them accessible, we should probably do some sanity checking to ensure that sort of collaborating can't happen.

Currently this isn't happening when failed build outputs are moved from the chroot as an aid to debugging.

* nix/libstore/build.cc (secureFilePerms): new function.
(DerivationGoal::buildDone): use it.

Change-Id: I9dce1e3d8813b31cabd87a0e3219bf9830d8be96
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
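The sanity check the commit message asks for, sketched as an added example: this is not the daemon's `secureFilePerms` and not code from the commit. The name `sanitizeTree`, the `kDangerous` constant and the choice of bits (setuid, setgid, world-writable) are assumptions made for illustration, since the page does not show the function body.

```cpp
#include <dirent.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>

// Assumed policy for this example (the page does not list the bits):
// no entry may keep setuid, setgid or world-writable permission.
static const mode_t kDangerous = S_ISUID | S_ISGID | S_IWOTH;

// Strip kDangerous from `path` and everything below it.  Returns how many
// entries were changed, or -1 on error.  Assumes every builder process is
// already dead, so the tree cannot change between lstat() and chmod().
int sanitizeTree(const std::string &path)
{
    struct stat st;
    if (lstat(path.c_str(), &st) != 0) return -1;  // never follow symlinks
    if (S_ISLNK(st.st_mode)) return 0;  // chmod() would hit the link's target

    int changed = 0;
    if (S_ISDIR(st.st_mode)) {
        DIR *dir = opendir(path.c_str());
        if (!dir) return -1;
        while (struct dirent *e = readdir(dir)) {
            std::string name = e->d_name;
            if (name == "." || name == "..") continue;
            int n = sanitizeTree(path + "/" + name);
            if (n < 0) { closedir(dir); return -1; }
            changed += n;
        }
        closedir(dir);
    }
    mode_t perms = st.st_mode & 07777;
    if (perms & kDangerous) {
        if (chmod(path.c_str(), perms & ~kDangerous) != 0) return -1;
        ++changed;
    }
    return changed;
}

int main(int argc, char **argv)
{
    if (argc != 2) { std::fprintf(stderr, "usage: %s DIR\n", argv[0]); return EXIT_FAILURE; }
    int n = sanitizeTree(argv[1]);
    std::printf("%d entries changed\n", n);
    return n < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Such a pass belongs before the directory is moved or made readable, so that no other user can reach an entry while it still carries the bits.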
Diffstat (limited to 'nix/libstore/pathlocks.hh')
0 files changed, 0 insertions, 0 deletions