amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

daemon: Tolerate pipes and sockets in failed build trees.

Browse source 
Fixes <https://issues.guix.gnu.org/78919>.
Fixes guix/guix#471.

Fixes a bug introduced in ae18b3d9e6
whereby interrupting ‘guix build -K hello’ would leave a build directory
with root ownership due ‘secureFilePerms’ bailing out due to the
presence of FIFOs in the temporary build directory.

* nix/libstore/build.cc (secureFilePerms): Add ‘allowSpecialFiles’
parameter; honor it and pass it in recursive call.
(DerivationGoal::deleteTmpDir): Pass true as the second argument to
‘secureFilePerms’.

Reported-by: Janneke Nieuwenhuizen <janneke@gnu.org>
Reported-by: David Elsing <david.elsing@posteo.net>
Change-Id: I638a4ee909a2b5022f9153e1cbb832bfb2e15263
This commit is contained in:
Ludovic Courtès 2025-07-12 11:42:04 +02:00
parent c5a9227497
commit ca03f73790
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
1 changed files with 15 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

20
nix/libstore/build.cc
View file

@ -1318,8 +1318,9 @@ MakeError(NotDeterministic, BuildError)
/* Recursively make the file permissions of a path safe for exposure to /* Recursively make the file permissions of a path safe for exposure to
arbitrary users, but without canonicalising its permissions, timestamp, and arbitrary users, but without canonicalising its permissions, timestamp, and
user. Throw an exception if a file type that isn't explicitly known to be user. Throw an exception if a file type that isn't explicitly known to be
safe is found. */ safe is found; when 'allowSpecialFiles' is true, pipes and sockets are
static void secureFilePerms(Path path) allowed. */
static void secureFilePerms(Path path, bool allowSpecialFiles = false)
{ {
struct stat st; struct stat st;
if (lstat(path.c_str(), &st)) return; if (lstat(path.c_str(), &st)) return;
@ -1330,7 +1331,7 @@ static void secureFilePerms(Path path)
case S_IFDIR: case S_IFDIR:
for (auto & i : readDirectory(path)) { for (auto & i : readDirectory(path)) {
secureFilePerms(path + "/" + i.name); secureFilePerms(path + "/" + i.name, allowSpecialFiles);
} }
/* FALLTHROUGH */ /* FALLTHROUGH */
@ -1338,6 +1339,14 @@ static void secureFilePerms(Path path)
chmod(path.c_str(), (st.st_mode & ~S_IFMT) & ~(S_ISUID | S_ISGID | S_IWOTH)); chmod(path.c_str(), (st.st_mode & ~S_IFMT) & ~(S_ISUID | S_ISGID | S_IWOTH));
break; break;
case S_IFSOCK:
case S_IFIFO:
if (allowSpecialFiles) {
chmod(path.c_str(), (st.st_mode & ~S_IFMT) & ~(S_ISUID | S_ISGID | S_IWOTH));
break;
}
/* FALLTHROUGH */
default: default:
throw Error(format("file `%1%' has an unsupported type") % path); throw Error(format("file `%1%' has an unsupported type") % path);
} }
@ -3401,8 +3410,9 @@ void DerivationGoal::deleteTmpDir(bool force)
gid_t gid = settings.clientGid != 0 ? settings.clientGid : -1; gid_t gid = settings.clientGid != 0 ? settings.clientGid : -1;
bool reown = false; bool reown = false;
/* First remove setuid/setgid bits. */ /* First remove setuid/setgid bits. Allow sockets and pipes
secureFilePerms(tmpDir); in the build directory. */
secureFilePerms(tmpDir, true);
try { try {
_chown(tmpDir, uid, gid); _chown(tmpDir, uid, gid);