maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* Also kill all processes of the build user after the build. This is

Browse source 
critical to prevent certain kinds of 0wnage.
This commit is contained in:
Eelco Dolstra 2005-10-17 17:43:21 +00:00
parent f1b3a418fa
commit 13b089c890
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/libstore/build.cc
View file

@ -676,6 +676,14 @@ void DerivationGoal::buildDone()
/* So the child is gone now. */ /* So the child is gone now. */
worker.childTerminated(savedPid); worker.childTerminated(savedPid);
/* When running under a build user, make sure that all processes
running under that uid are gone. This is to prevent a
malicious user from leaving behind a process that keeps files
open and modifies them after they have been chown'ed to
root. */
if (buildUser != 0)
killUser(buildUser);
/* Close the read side of the logger pipe. */ /* Close the read side of the logger pipe. */
logPipe.readSide.close(); logPipe.readSide.close();