Revert "Allow using /bin and /usr/bin as impure prefixes on non-darwin by default"

This reverts commit 79ca5033329053caa364bb2f7e50953f859cc97f. Ouch, never noticed this. We definitely don't want to allow builds to have arbitrary access to /bin and /usr/bin, because then they can (for instance) bring in a bunch of setuid programs. Also, we shouldn't be encouraging the use of impurities in the default configuration.
author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2015-11-09 21:21:04 +0100
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2015-11-09 21:28:38 +0100
commit: 96c2ebf0042cbbaba2e08b7728af2d56f22de031 (patch)
tree: 057d3f2c8d3da376c804c6f36f40d09b14a6eadf /src
parent: 4384bbd2e151e7b6f627cb022ea1cc4f5dcbe180 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index d6671f45b..b0896f466 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -62,7 +62,7 @@
     #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library /usr/lib /dev /bin/sh"
 #else
     #define SANDBOX_ENABLED 0
-    #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/bin" "/usr/bin"
+    #define DEFAULT_ALLOWED_IMPURE_PREFIXES ""
 #endif
 
 #if CHROOT_ENABLED
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2015-11-09 21:21:04 +0100
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2015-11-09 21:28:38 +0100
commit	96c2ebf0042cbbaba2e08b7728af2d56f22de031 (patch)
tree	057d3f2c8d3da376c804c6f36f40d09b14a6eadf /src
parent	4384bbd2e151e7b6f627cb022ea1cc4f5dcbe180 (diff)