nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-12-22 17:01:08 +01:00
Code Activity

Merge pull request #14848 from NixOS/backport-14785-to-2.31-maintenance

Browse source 
[Backport 2.31-maintenance] libstore: include path in the world-writable error
This commit is contained in:
internal-nix-ci[bot] 2025-12-21 19:05:54 +00:00 committed by GitHub
commit 9b597aa64f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 5 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/libstore/unix/build/derivation-builder.cc
View file

@ -652,17 +652,17 @@ static void handleChildException(bool sendException)
}
}
static bool checkNotWorldWritable(std::filesystem::path path)
static void checkNotWorldWritable(std::filesystem::path path)
{
while (true) {
auto st = lstat(path);
if (st.st_mode & S_IWOTH)
return false;
throw Error("Path %s is world-writable or a symlink. That's not allowed for security.", path);
if (path == path.parent_path())
break;
path = path.parent_path();
}
return true;
return;
}
void DerivationBuilderImpl::startBuilder()
@ -700,9 +700,8 @@ void DerivationBuilderImpl::startBuilder()
createDirs(buildDir);
if (buildUser && !checkNotWorldWritable(buildDir))
throw Error(
"Path %s or a parent directory is world-writable or a symlink. That's not allowed for security.", buildDir);
if (buildUser)
checkNotWorldWritable(buildDir);
/* Create a temporary directory where the build will take
place. */