aboutsummaryrefslogtreecommitdiff
path: root/src/libstore/pathlocks.cc
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2013-06-13 17:12:24 +0200
committerEelco Dolstra <eelco.dolstra@logicblox.com>2013-06-13 17:12:24 +0200
commitcd49ee08970f0fa44053fb12cdf29668e8131a51 (patch)
tree4aafca00a479cc18e8759636ff1c2140dba2735a /src/libstore/pathlocks.cc
parent1e2c7c04b1125fb63fae733fc27abb86743b8224 (diff)
Fix a security bug in hash rewriting
Before calling dumpPath(), we have to make sure the files are owned by the build user. Otherwise, the build could contain a hard link to (say) /etc/shadow, which would then be read by the daemon and rewritten as a world-readable file. This only affects systems that don't have hard link restrictions enabled.
Diffstat (limited to 'src/libstore/pathlocks.cc')
0 files changed, 0 insertions, 0 deletions