summaryrefslogtreecommitdiff
path: root/nix/libstore
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2019-10-16 11:51:42 +0200
committerLudovic Courtès <ludo@gnu.org>2019-10-16 22:53:40 +0200
commit81c580c8664bfeeb767e2c47ea343004e88223c7 (patch)
tree682678e9f32fd6c38f78ccd5cd2ab58ee736e1be /nix/libstore
parenta1aaca314ca94700ebe3449d6bd73522f2d243bc (diff)
downloadguix-patches-81c580c8664bfeeb767e2c47ea343004e88223c7.tar
guix-patches-81c580c8664bfeeb767e2c47ea343004e88223c7.tar.gz
daemon: Make 'profiles/per-user' non-world-writable.
Fixes <https://bugs.gnu.org/37744>. Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>. Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d by Eelco Dolstra <edolstra@gmail.com>. * nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir' to #o755 instead of #o1777. (LocalStore::createUser): New function. * nix/libstore/local-store.hh (LocalStore): Add it. * nix/libstore/store-api.hh (StoreAPI): Add it. * nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add condition to handle "user-name" property and honor it. (processConnection): Add 'userId' parameter. Call 'store->createUser' when userId is not -1. * guix/profiles.scm (ensure-profile-directory): Note that this is now handled by the daemon. * guix/store.scm (current-user-name): New procedure. (set-build-options): Add #:user-name parameter and pass it to the daemon. * tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when listening on a TCP socket. * tests/store.scm ("profiles/per-user exists and is not writable") ("profiles/per-user/$USER exists"): New tests.
Diffstat (limited to 'nix/libstore')
-rw-r--r--nix/libstore/local-store.cc17
-rw-r--r--nix/libstore/local-store.hh2
-rw-r--r--nix/libstore/store-api.hh4
3 files changed, 21 insertions, 2 deletions
diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc
index 3b08492c64..3793382361 100644
--- a/nix/libstore/local-store.cc
+++ b/nix/libstore/local-store.cc
@@ -88,8 +88,9 @@ LocalStore::LocalStore(bool reserveSpace)
Path perUserDir = profilesDir + "/per-user";
createDirs(perUserDir);
- if (chmod(perUserDir.c_str(), 01777) == -1)
- throw SysError(format("could not set permissions on '%1%' to 1777") % perUserDir);
+ if (chmod(perUserDir.c_str(), 0755) == -1)
+ throw SysError(format("could not set permissions on '%1%' to 755")
+ % perUserDir);
mode_t perm = 01775;
@@ -1642,4 +1643,16 @@ void LocalStore::vacuumDB()
}
+void LocalStore::createUser(const std::string & userName, uid_t userId)
+{
+ auto dir = settings.nixStateDir + "/profiles/per-user/" + userName;
+
+ createDirs(dir);
+ if (chmod(dir.c_str(), 0755) == -1)
+ throw SysError(format("changing permissions of directory '%s'") % dir);
+ if (chown(dir.c_str(), userId, -1) == -1)
+ throw SysError(format("changing owner of directory '%s'") % dir);
+}
+
+
}
diff --git a/nix/libstore/local-store.hh b/nix/libstore/local-store.hh
index 4113fafcb5..2e48cf03e6 100644
--- a/nix/libstore/local-store.hh
+++ b/nix/libstore/local-store.hh
@@ -180,6 +180,8 @@ public:
void setSubstituterEnv();
+ void createUser(const std::string & userName, uid_t userId);
+
private:
Path schemaPath;
diff --git a/nix/libstore/store-api.hh b/nix/libstore/store-api.hh
index 2d9dcbd573..7d2ad2270d 100644
--- a/nix/libstore/store-api.hh
+++ b/nix/libstore/store-api.hh
@@ -289,6 +289,10 @@ public:
/* Check the integrity of the Nix store. Returns true if errors
remain. */
virtual bool verifyStore(bool checkContents, bool repair) = 0;
+
+ /* Create a profile for the given user. This is done by the daemon
+ because the 'profiles/per-user' directory is not writable by users. */
+ virtual void createUser(const std::string & userName, uid_t userId) = 0;
};