daemon: Make 'profiles/per-user' non-world-writable.

Fixes <https://bugs.gnu.org/37744>. Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>. Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d by Eelco Dolstra <edolstra@gmail.com>. * nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir' to #o755 instead of #o1777. (LocalStore::createUser): New function. * nix/libstore/local-store.hh (LocalStore): Add it. * nix/libstore/store-api.hh (StoreAPI): Add it. * nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add condition to handle "user-name" property and honor it. (processConnection): Add 'userId' parameter. Call 'store->createUser' when userId is not -1. * guix/profiles.scm (ensure-profile-directory): Note that this is now handled by the daemon. * guix/store.scm (current-user-name): New procedure. (set-build-options): Add #:user-name parameter and pass it to the daemon. * tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when listening on a TCP socket. * tests/store.scm ("profiles/per-user exists and is not writable") ("profiles/per-user/$USER exists"): New tests.
2025-10-02 02:15:12 +00:00 · 2019-10-16 11:51:42 +02:00 · 2019-10-16 11:51:42 +02:00 · 81c580c866
commit 81c580c866
parent a1aaca314c
8 changed files with 90 additions and 6 deletions
--- a/nix/libstore/store-api.hh
+++ b/nix/libstore/store-api.hh
@ -289,6 +289,10 @@ public:
    /* Check the integrity of the Nix store.  Returns true if errors
       remain. */
    virtual bool verifyStore(bool checkContents, bool repair) = 0;
+
+    /* Create a profile for the given user.  This is done by the daemon
+       because the 'profiles/per-user' directory is not writable by users.  */
+    virtual void createUser(const std::string & userName, uid_t userId) = 0;
 };