maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* When not running as root, call the setuid helper to change the

Browse source 
ownership of the build result after the build.
This commit is contained in:
Eelco Dolstra 2006-12-07 15:18:14 +00:00
parent 6a07ff1ec0
commit a0a43c3206
2 changed files with 13 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/libstore/build.cc
View file

@ -1398,7 +1398,7 @@ void DerivationGoal::startBuilder()
safe. Also note that setuid() when run as root sets safe. Also note that setuid() when run as root sets
the real, effective and saved UIDs. */ the real, effective and saved UIDs. */
if (buildUser.enabled()) { if (buildUser.enabled()) {
printMsg(lvlInfo, format("switching to uid `%1%'") % buildUser.getUID()); printMsg(lvlInfo, format("switching to user `%1%'") % buildUser.getUser());
if (amPrivileged()) { if (amPrivileged()) {
@ -1544,6 +1544,12 @@ void DerivationGoal::computeClosure()
throw Error(format("suspicious ownership or permission on `%1%'; rejecting this build output") % path); throw Error(format("suspicious ownership or permission on `%1%'; rejecting this build output") % path);
#endif #endif
if (buildUser.enabled() && !amPrivileged())
/* Call the setuid helper to change ownership from the
build user to our uid. If we *are* root, then
canonicalisePathMetaData() will take care of this. */
getOwnership(path);
/* Get rid of all weird permissions. */ /* Get rid of all weird permissions. */
canonicalisePathMetaData(path); canonicalisePathMetaData(path);

12
src/libstore/local-store.cc
View file

@ -223,6 +223,12 @@ void canonicalisePathMetaData(const Path & path)
if (!S_ISLNK(st.st_mode)) { if (!S_ISLNK(st.st_mode)) {
if (st.st_uid != geteuid()) {
if (chown(path.c_str(), geteuid(), -1) == -1)
throw SysError(format("changing owner of `%1%' to %2%")
% path % geteuid());
}
/* Mask out all type related bits. */ /* Mask out all type related bits. */
mode_t mode = st.st_mode & ~S_IFMT; mode_t mode = st.st_mode & ~S_IFMT;
@ -234,12 +240,6 @@ void canonicalisePathMetaData(const Path & path)
throw SysError(format("changing mode of `%1%' to %2$o") % path % mode); throw SysError(format("changing mode of `%1%' to %2$o") % path % mode);
} }
if (st.st_uid != geteuid() || st.st_gid != getegid()) {
if (chown(path.c_str(), geteuid(), getegid()) == -1)
throw SysError(format("changing owner/group of `%1%' to %2%/%3%")
% path % geteuid() % getegid());
}
if (st.st_mtime != 0) { if (st.st_mtime != 0) {
struct utimbuf utimbuf; struct utimbuf utimbuf;
utimbuf.actime = st.st_atime; utimbuf.actime = st.st_atime;