diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2024-03-12 11:53:35 +0100 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2024-03-12 14:07:28 +0100 |
| commit | ff1251de0bc327ec478fc66a562430fbf35aef42 (patch) | |
| tree | 6a34140e77ef17712671b3a49298e8242d614471 /nix/libutil/util.cc | |
| parent | fc1762fe38b4e0bf63c9efe4bed1435f0ef522bd (diff) | |
daemon: Address shortcoming in previous security fix for CVE-2024-27297.
This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143.
Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two
ways: (1) it didn’t have any effet for fixed-output derivations
performed in a chroot, which is the case for all of them except those
using “builtin:download” and “builtin:git-download”, and (2) it did not
preserve ownership when copying, leading to “suspicious ownership or
permission […] rejecting this build output” errors.
* nix/libstore/build.cc (DerivationGoal::buildDone): Account for
‘chrootRootDir’ when copying ‘drv.outputs’.
* nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’
calls to preserve file ownership; this is necessary for chrooted
fixed-output derivation builds.
* nix/libutil/util.hh: Update comment.
Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156
Diffstat (limited to 'nix/libutil/util.cc')
| -rw-r--r-- | nix/libutil/util.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/nix/libutil/util.cc b/nix/libutil/util.cc index 493f06f357..578d657293 100644 --- a/nix/libutil/util.cc +++ b/nix/libutil/util.cc @@ -422,6 +422,7 @@ static void copyFileRecursively(int sourceroot, const Path &source, if (destinationFd == -1) throw SysError(format("opening `%1%'") % source); copyFile(sourceFd, destinationFd); + fchown(destinationFd, st.st_uid, st.st_gid); } else if (S_ISLNK(st.st_mode)) { char target[st.st_size + 1]; ssize_t result = readlinkat(sourceroot, source.c_str(), target, st.st_size); @@ -430,6 +431,8 @@ static void copyFileRecursively(int sourceroot, const Path &source, int err = symlinkat(target, destinationroot, destination.c_str()); if (err != 0) throw SysError(format("creating symlink `%1%'") % destination); + fchownat(destinationroot, destination.c_str(), + st.st_uid, st.st_gid, AT_SYMLINK_NOFOLLOW); } else if (S_ISDIR(st.st_mode)) { int err = mkdirat(destinationroot, destination.c_str(), 0755); if (err != 0) @@ -455,6 +458,7 @@ static void copyFileRecursively(int sourceroot, const Path &source, for (auto & i : readDirectory(sourceFd)) copyFileRecursively((int)sourceFd, i.name, (int)destinationFd, i.name, deleteSource); + fchown(destinationFd, st.st_uid, st.st_gid); } else throw Error(format("refusing to copy irregular file `%1%'") % source); if (deleteSource) |