diff options
| author | Eelco Dolstra <edolstra@gmail.com> | 2017-05-11 13:58:09 +0200 |
|---|---|---|
| committer | Eelco Dolstra <edolstra@gmail.com> | 2017-05-11 13:58:09 +0200 |
| commit | 1a8e15053a6611963042306d4d3b0d5b89629eb1 (patch) | |
| tree | d37252ed26cdf350dc2bcbbded388a4a4395e154 /src | |
| parent | 6f245bf24a1154142acf2b8dfa620b891f461d55 (diff) | |
Don't allow untrusted users to set info.ultimate
Note that a trusted signature was still required in this case so it
was not a huge deal.
Diffstat (limited to 'src')
| -rw-r--r-- | src/nix-daemon/nix-daemon.cc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc index 1b90fad16..d2bb7b8c8 100644 --- a/src/nix-daemon/nix-daemon.cc +++ b/src/nix-daemon/nix-daemon.cc @@ -621,6 +621,8 @@ static void performOp(ref<LocalStore> store, bool trusted, unsigned int clientVe from >> info.ca >> repair >> dontCheckSigs; if (!trusted && dontCheckSigs) dontCheckSigs = false; + if (!trusted) + info.ultimate = false; TeeSink tee(from); parseDump(tee, tee.source); |