guix-play/nix
Ludovic Courtès ec7fb66994
daemon: Prevent privilege escalation with '--keep-failed' [security].
Fixes <https://bugs.gnu.org/47229>.
Reported by Nathan Nye of WhiteBeam Security.

* nix/libstore/build.cc (DerivationGoal::startBuilder): When 'useChroot'
is true, add "/top" to 'tmpDir'.
(DerivationGoal::deleteTmpDir): Adjust accordingly.  When
'settings.keepFailed' is true, chown in two steps: first the "/top"
sub-directory, and then rename "/top" to its parent.
2021-03-18 12:18:56 +01:00
boost
libstore daemon: Prevent privilege escalation with '--keep-failed' [security]. 2021-03-18 12:18:56 +01:00
libutil
nix-daemon daemon: Correctly handle '--discover' with no value. 2021-03-17 12:03:23 +01:00
.gitignore
AUTHORS
COPYING
local.mk