aboutsummaryrefslogtreecommitdiff
path: root/src/nix-daemon/nix-daemon.cc
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2019-10-09 18:01:21 +0200
committerEelco Dolstra <edolstra@gmail.com>2019-10-09 23:34:48 +0200
commit5a303093dcae1e5ce9212616ef18f2ca51020b0d (patch)
tree091df92662ac2fdfe8c5ce4b9eb1f75bc81b5675 /src/nix-daemon/nix-daemon.cc
parent4331eeb13d241dfe2d2e6a01c53915c556cac94f (diff)
Remove world-writability from per-user directories
'nix-daemon' now creates subdirectories for users when they first connect. Fixes #509 (CVE-2019-17365). Should also fix #3127.
Diffstat (limited to 'src/nix-daemon/nix-daemon.cc')
-rw-r--r--src/nix-daemon/nix-daemon.cc9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc
index e88aaf636..cd18489b0 100644
--- a/src/nix-daemon/nix-daemon.cc
+++ b/src/nix-daemon/nix-daemon.cc
@@ -742,7 +742,8 @@ static void performOp(TunnelLogger * logger, ref<Store> store,
}
-static void processConnection(bool trusted)
+static void processConnection(bool trusted,
+ const std::string & userName, uid_t userId)
{
MonitorFdHup monitor(from.fd);
@@ -793,6 +794,8 @@ static void processConnection(bool trusted)
params["path-info-cache-size"] = "0";
auto store = openStore(settings.storeUri, params);
+ store->createUser(userName, userId);
+
tunnelLogger->stopWork();
to.flush();
@@ -1053,7 +1056,7 @@ static void daemonLoop(char * * argv)
/* Handle the connection. */
from.fd = remote.get();
to.fd = remote.get();
- processConnection(trusted);
+ processConnection(trusted, user, peer.uid);
exit(0);
}, options);
@@ -1133,7 +1136,7 @@ static int _main(int argc, char * * argv)
}
}
} else {
- processConnection(true);
+ processConnection(true, "root", 0);
}
} else {
daemonLoop(argv);