nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-12-22 17:01:08 +01:00
Code Activity

libstore: include path in the world-writable error

Browse source 
The previous error message was ambiguous about which specific directory failed the check.

This commit updates checkNotWorldWritable to return the failing path so it can be included in the error message, making debugging easier.
This commit is contained in:
yawkar 2025-12-13 19:45:19 +03:00
parent a6eb2e91b7
commit a1e24fa6ce
1 changed files with 5 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/libstore/unix/build/derivation-builder.cc
View file

@ -678,17 +678,17 @@ static void handleChildException(bool sendException)
}
}
static bool checkNotWorldWritable(std::filesystem::path path)
static void checkNotWorldWritable(std::filesystem::path path)
{
while (true) {
auto st = lstat(path);
if (st.st_mode & S_IWOTH)
return false;
throw Error("Path %s is world-writable or a symlink. That's not allowed for security.", path);
if (path == path.parent_path())
break;
path = path.parent_path();
}
return true;
return;
}
std::optional<Descriptor> DerivationBuilderImpl::startBuild()
@ -710,9 +710,8 @@ std::optional<Descriptor> DerivationBuilderImpl::startBuild()
createDirs(buildDir);
if (buildUser && !checkNotWorldWritable(buildDir))
throw Error(
"Path %s or a parent directory is world-writable or a symlink. That's not allowed for security.", buildDir);
if (buildUser)
checkNotWorldWritable(buildDir);
/* Create a temporary directory where the build will take
place. */