guix-play/nix/libutil
Ludovic Courtès ff1251de0b
daemon: Address shortcoming in previous security fix for CVE-2024-27297.
This is a followup to 8f4ffb3fae.

Commit 8f4ffb3fae fell short in two
ways: (1) it didn’t have any effect for fixed-output derivations
performed in a chroot, which is the case for all of them except those
using “builtin:download” and “builtin:git-download”, and (2) it did not
preserve ownership when copying, leading to “suspicious ownership or
permission […] rejecting this build output” errors.

* nix/libstore/build.cc (DerivationGoal::buildDone): Account for
‘chrootRootDir’ when copying ‘drv.outputs’.
* nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’
calls to preserve file ownership; this is necessary for chrooted
fixed-output derivation builds.
* nix/libutil/util.hh: Update comment.

Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156
2024-03-12 14:07:28 +01:00
affinity.cc Merge branch 'nix' into 'master'. 2014-12-19 22:47:37 +01:00
affinity.hh Merge branch 'nix' into 'master'. 2014-12-19 22:47:37 +01:00
archive.cc daemon: Use unbranded phrases in comments and messages. 2018-12-16 16:28:07 +01:00
archive.hh daemon: Remove "case hack" for nars. 2018-10-02 23:08:30 +02:00
hash.cc daemon: Improve error message for wrong hash sizes. 2023-01-09 17:40:54 +01:00
hash.hh daemon: Recognize SHA3 and BLAKE2s. 2020-06-27 23:42:20 +02:00
serialise.cc Merge branch 'nix'. 2015-05-19 16:09:58 +02:00
serialise.hh Merge branch 'nix'. 2015-05-19 16:09:58 +02:00
types.hh Merge branch 'nix'. 2015-05-19 16:09:58 +02:00
util.cc daemon: Address shortcoming in previous security fix for CVE-2024-27297. 2024-03-12 14:07:28 +01:00
util.hh daemon: Address shortcoming in previous security fix for CVE-2024-27297. 2024-03-12 14:07:28 +01:00