Remove world-writability from per-user directories

'nix-daemon' now creates subdirectories for users when they first
connect.

Fixes #509 (CVE-2019-17365).
Should also fix #3127.

(cherry picked from commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d)
Eelco Dolstra 2019-10-09 18:01:21 +02:00
parent 910b0fcc11
commit 65953789bc
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
11 changed files with 41 additions and 43 deletions


@ -106,7 +106,7 @@ chmod 1775 $RPM_BUILD_ROOT/nix/store
for d in profiles gcroots;
do
mkdir -p $RPM_BUILD_ROOT/nix/var/nix/$d/per-user
chmod 1777 $RPM_BUILD_ROOT/nix/var/nix/$d/per-user
chmod 755 $RPM_BUILD_ROOT/nix/var/nix/$d/per-user
done
# fix permission of nix profile
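Review bot: The `chmod 755` changes the mode of the `per-user` parent only. Subdirectories that already exist under `profiles/per-user` and `gcroots/per-user` from when the parent was mode 1777 keep whatever owner created them, and nothing in this hunk checks that. Only this one of the commit's eleven files is visible here, so the daemon may already verify ownership when it finds an existing per-user directory. If it does not, an upgrade note asking administrators to confirm each subdirectory is owned by the user it is named after would be worth adding. A comment above the chmod would also record why the mode is no longer sticky and world-writable, for example `# root-owned, not world-writable: nix-daemon creates each user's subdirectory on first connect (CVE-2019-17365)`.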