nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-12-23 17:31:08 +01:00
Code Activity

Merge pull request #14785 from YawKar/master

Browse source 
libstore: include path in the world-writable error
This commit is contained in:
Sergei Zimmerman 2025-12-21 17:49:24 +00:00 committed by GitHub
commit 96204ea6bd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 5 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/libstore/unix/build/derivation-builder.cc
View file

@ -678,17 +678,17 @@ static void handleChildException(bool sendException)
}
}
static bool checkNotWorldWritable(std::filesystem::path path)
static void checkNotWorldWritable(std::filesystem::path path)
{
while (true) {
auto st = lstat(path);
if (st.st_mode & S_IWOTH)
return false;
throw Error("Path %s is world-writable or a symlink. That's not allowed for security.", path);
if (path == path.parent_path())
break;
path = path.parent_path();
}
return true;
return;
}
std::optional<Descriptor> DerivationBuilderImpl::startBuild()
@ -710,9 +710,8 @@ std::optional<Descriptor> DerivationBuilderImpl::startBuild()
createDirs(buildDir);
if (buildUser && !checkNotWorldWritable(buildDir))
throw Error(
"Path %s or a parent directory is world-writable or a symlink. That's not allowed for security.", buildDir);
if (buildUser)
checkNotWorldWritable(buildDir);
/* Create a temporary directory where the build will take
place. */