Nix now includes the username into the hash calculation, statepaths are also recomputed at buildtime so they cannot be spoofed

src/nix-state/nix-state

@@ -18,7 +18,7 @@ sed_quote_subst='s/\([\\`\\"$\\\\]\)/\\\1/g'
 # if CDPATH is set.
 (unset CDPATH) >/dev/null 2>&1 && unset CDPATH
 
-relink_command="(cd /root/dev/nix-state/src/nix-state; { test -z \"\${LIBRARY_PATH+set}\" || unset LIBRARY_PATH || { LIBRARY_PATH=; export LIBRARY_PATH; }; }; { test -z \"\${COMPILER_PATH+set}\" || unset COMPILER_PATH || { COMPILER_PATH=; export COMPILER_PATH; }; }; { test -z \"\${GCC_EXEC_PREFIX+set}\" || unset GCC_EXEC_PREFIX || { GCC_EXEC_PREFIX=; export GCC_EXEC_PREFIX; }; }; { test -z \"\${LD_RUN_PATH+set}\" || unset LD_RUN_PATH || { LD_RUN_PATH=; export LD_RUN_PATH; }; }; { test -z \"\${LD_LIBRARY_PATH+set}\" || unset LD_LIBRARY_PATH || { LD_LIBRARY_PATH=; export LD_LIBRARY_PATH; }; }; PATH=\"/root/bin:/nix/var/nix/profiles/per-user/root/profile/bin:/nix/var/nix/profiles/per-user/root/profile/sbin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/var/setuid-wrappers:/var/run/current-system/sw/bin:/var/run/current-system/sw/sbin:/home/share/bin:/home/share/bin\"; export PATH; g++ -I./.. -I/root/.nix-profile/include -I/root/.nix-profile/include -I./../libutil -I./../libstore -I./../libmain -D_FILE_OFFSET_BITS=64 -g -O2 -o \$progdir/\$file nix-state.o  ../libmain/.libs/libmain.so -L/tmp/nix-14177-0/build/i686-pc-linux-gnu/libstdc++-v3/src -L/tmp/nix-14177-0/build/i686-pc-linux-gnu/libstdc++-v3/src/.libs ../libstore/.libs/libstore.so /root/dev/nix-state/src/libutil/.libs/libutil.so ../libutil/.libs/libutil.so /root/dev/nix-state/src/boost/format/.libs/libformat.so ../boost/format/.libs/libformat.so /nix/store/kpqz9a4clx96538rr0zmsy3v40iqd88g-gcc-4.1.1/lib/libstdc++.so -L/root/.nix-profile/lib -ldb_cxx /nix/store/pkmzbb613wa8cwngx8jjb5jaic8yhyzs-aterm-2.4.2-fixes/lib/libATerm -lpthread -Wl,--rpath -Wl,/root/dev/nix-state/src/libmain/.libs -Wl,--rpath -Wl,/root/dev/nix-state/src/libstore/.libs -Wl,--rpath -Wl,/root/dev/nix-state/src/libutil/.libs -Wl,--rpath -Wl,/root/dev/nix-state/src/boost/format/.libs -Wl,--rpath -Wl,/nix/store/kpqz9a4clx96538rr0zmsy3v40iqd88g-gcc-4.1.1/lib -Wl,--rpath -Wl,/nix/store/pkmzbb613wa8cwngx8jjb5jaic8yhyzs-aterm-2.4.2-fixes/lib -Wl,--rpath -Wl,/nixstate/nix/lib/nix -Wl,--rpath -Wl,/nix/store/kpqz9a4clx96538rr0zmsy3v40iqd88g-gcc-4.1.1/lib -Wl,--rpath -Wl,/nix/store/pkmzbb613wa8cwngx8jjb5jaic8yhyzs-aterm-2.4.2-fixes/lib)"
+relink_command="(cd /root/dev/nix-state/src/nix-state; { test -z \"\${LIBRARY_PATH+set}\" || unset LIBRARY_PATH || { LIBRARY_PATH=; export LIBRARY_PATH; }; }; { test -z \"\${COMPILER_PATH+set}\" || unset COMPILER_PATH || { COMPILER_PATH=; export COMPILER_PATH; }; }; { test -z \"\${GCC_EXEC_PREFIX+set}\" || unset GCC_EXEC_PREFIX || { GCC_EXEC_PREFIX=; export GCC_EXEC_PREFIX; }; }; { test -z \"\${LD_RUN_PATH+set}\" || unset LD_RUN_PATH || { LD_RUN_PATH=; export LD_RUN_PATH; }; }; { test -z \"\${LD_LIBRARY_PATH+set}\" || unset LD_LIBRARY_PATH || { LD_LIBRARY_PATH=; export LD_LIBRARY_PATH; }; }; PATH=\"/root/bin:/nix/var/nix/profiles/per-user/root/profile/bin:/nix/var/nix/profiles/per-user/root/profile/sbin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/var/setuid-wrappers:/var/run/current-system/sw/bin:/var/run/current-system/sw/sbin:/home/share/bin:/home/share/bin:/home/share/bin\"; export PATH; g++ -I./.. -I/root/.nix-profile/include -I/root/.nix-profile/include -I./../libutil -I./../libstore -I./../libmain -D_FILE_OFFSET_BITS=64 -g -O2 -o \$progdir/\$file nix-state.o  ../libmain/.libs/libmain.so -L/tmp/nix-14177-0/build/i686-pc-linux-gnu/libstdc++-v3/src -L/tmp/nix-14177-0/build/i686-pc-linux-gnu/libstdc++-v3/src/.libs ../libstore/.libs/libstore.so /root/dev/nix-state/src/libutil/.libs/libutil.so ../libutil/.libs/libutil.so /root/dev/nix-state/src/boost/format/.libs/libformat.so ../boost/format/.libs/libformat.so /nix/store/kpqz9a4clx96538rr0zmsy3v40iqd88g-gcc-4.1.1/lib/libstdc++.so -L/root/.nix-profile/lib -ldb_cxx /nix/store/pkmzbb613wa8cwngx8jjb5jaic8yhyzs-aterm-2.4.2-fixes/lib/libATerm -lpthread -Wl,--rpath -Wl,/root/dev/nix-state/src/libmain/.libs -Wl,--rpath -Wl,/root/dev/nix-state/src/libstore/.libs -Wl,--rpath -Wl,/root/dev/nix-state/src/libutil/.libs -Wl,--rpath -Wl,/root/dev/nix-state/src/boost/format/.libs -Wl,--rpath -Wl,/nix/store/kpqz9a4clx96538rr0zmsy3v40iqd88g-gcc-4.1.1/lib -Wl,--rpath -Wl,/nix/store/pkmzbb613wa8cwngx8jjb5jaic8yhyzs-aterm-2.4.2-fixes/lib -Wl,--rpath -Wl,/nixstate/nix/lib/nix -Wl,--rpath -Wl,/nix/store/kpqz9a4clx96538rr0zmsy3v40iqd88g-gcc-4.1.1/lib -Wl,--rpath -Wl,/nix/store/pkmzbb613wa8cwngx8jjb5jaic8yhyzs-aterm-2.4.2-fixes/lib)"
 
 # This environment variable determines our operation mode.
 if test "$libtool_install_magic" = "%%%MAGIC variable%%%"; then

src/nix-state/nix-state.cc

@@ -171,7 +171,7 @@ static void opRunComponent(Strings opFlags, Strings opArgs)
 	for (DerivationStateOutputDirs::const_reverse_iterator i = stateOutputDirs.rbegin(); i != stateOutputDirs.rend(); ++i){
 		DerivationStateOutputDir d = i->second;
 
-		string thisdir = d.path;
+		string thisdir = d.path;		//TODO CONVERT
 		
 		string fullstatedir = statePath + "/" + thisdir;
 		if(thisdir == "/")									//exception for the root dir
@@ -259,6 +259,13 @@ void run(Strings args)
 	store->addUpdatedStateDerivation("/nix/store/s6wggk924jx0gcb0l29ra4g9fxa3b4pp-hellohardcodedstateworld-1.0.drv", p2);		//
 	store->updateAllStateDerivations();
 	return;
+	string a = makeStatePathFromGolbalHash("8f3b56a9a985fce54fd88c3e95a81a4b6b11fb98da12b977aee7f278c73ad3d7-hellohardcodedstateworld-1.0-test2", "kaaz");
+	printMsg(lvlError, format("%1%") % a);
+	return;
+	*/
+	printMsg(lvlError, format("Result: \"%1%\"") % getCallingUserName());
+	return;
+	
 	/* test */
 	
     for (Strings::iterator i = args.begin(); i != args.end(); ) {
@@ -291,7 +298,7 @@ void run(Strings args)
 		
 		--delete state?
 		
-		--
+		--user=...
 		
         */