diff options
| author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-07-26 15:04:40 -0400 |
|---|---|---|
| committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-07-26 15:04:40 -0400 |
| commit | 3a4623afbbc1bff85bde33167d36e8c5a4a3df0d (patch) | |
| tree | 5e39b404333b720d711da1c04489b631b878ecf8 | |
| parent | 2605f4f4e6a367df67bf8b33b252c350313699c9 (diff) | |
Set permissions on temporary build directories to 0700
Fixes #39.
| -rw-r--r-- | src/libstore/build.cc | 3 | ||||
| -rw-r--r-- | src/libutil/util.cc | 4 | ||||
| -rw-r--r-- | src/libutil/util.hh | 2 |
3 files changed, 5 insertions, 4 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index a3bde3462..290635695 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1527,7 +1527,7 @@ void DerivationGoal::startBuilder() /* Create a temporary directory where the build will take place. */ - tmpDir = createTempDir("", "nix-build-" + baseNameOf(drvPath), false, false); + tmpDir = createTempDir("", "nix-build-" + baseNameOf(drvPath), false, false, 0700); /* For convenience, set an environment pointing to the top build directory. */ @@ -2178,6 +2178,7 @@ void DerivationGoal::deleteTmpDir(bool force) % drvPath % tmpDir); if (buildUser.enabled() && !amPrivileged()) getOwnership(tmpDir); + chmod(tmpDir.c_str(), 0755); } else deletePathWrapped(tmpDir); diff --git a/src/libutil/util.cc b/src/libutil/util.cc index b188a9fc0..689fc543a 100644 --- a/src/libutil/util.cc +++ b/src/libutil/util.cc @@ -380,7 +380,7 @@ static Path tempName(Path tmpRoot, const Path & prefix, bool includePid, Path createTempDir(const Path & tmpRoot, const Path & prefix, - bool includePid, bool useGlobalCounter) + bool includePid, bool useGlobalCounter, mode_t mode) { static int globalCounter = 0; int localCounter = 0; @@ -389,7 +389,7 @@ Path createTempDir(const Path & tmpRoot, const Path & prefix, while (1) { checkInterrupt(); Path tmpDir = tempName(tmpRoot, prefix, includePid, counter); - if (mkdir(tmpDir.c_str(), 0777) == 0) { + if (mkdir(tmpDir.c_str(), mode) == 0) { /* Explicitly set the group of the directory. This is to work around around problems caused by BSD's group ownership semantics (directories inherit the group of diff --git a/src/libutil/util.hh b/src/libutil/util.hh index 362d0f65e..9b8656f70 100644 --- a/src/libutil/util.hh +++ b/src/libutil/util.hh @@ -88,7 +88,7 @@ void makePathReadOnly(const Path & path); /* Create a temporary directory. */ Path createTempDir(const Path & tmpRoot = "", const Path & prefix = "nix", - bool includePid = true, bool useGlobalCounter = true); + bool includePid = true, bool useGlobalCounter = true, mode_t mode = 0755); /* Create a directory and all its parents, if necessary. Returns the list of created directories, in order of creation. */ |