aboutsummaryrefslogtreecommitdiff
path: root/src/nix-channel
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2017-05-04 16:57:03 +0200
committerEelco Dolstra <edolstra@gmail.com>2017-05-04 16:57:03 +0200
commiteba840c8a13b465ace90172ff76a0db2899ab11b (patch)
tree031a4794e1b38ad6fc6d0cc94557755c0896b4fb /src/nix-channel
parent2da6a424486e16b4b30e448a15a9b4a608df602d (diff)
Linux sandbox: Use /build instead of /tmp as $TMPDIR
There is a security issue when a build accidentally stores its $TMPDIR in some critical place, such as an RPATH. If TMPDIR=/tmp/nix-build-..., then any user on the system can recreate that directory and inject libraries into the RPATH of programs executed by other users. Since /build probably doesn't exist (or isn't world-writable), this mitigates the issue.
Diffstat (limited to 'src/nix-channel')
0 files changed, 0 insertions, 0 deletions