diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2024-03-11 10:59:42 +0100 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2024-03-11 22:12:34 +0100 |
| commit | 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 (patch) | |
| tree | 4e626a0c742043b9ce84ebb71e9a1622f76ba557 /nix/libutil/util.hh | |
| parent | a26bce55e60aa3444c4378d3996f3aa41b9661e9 (diff) | |
daemon: Protect against FD escape when building fixed-output derivations (CVE-2024-27297).
This fixes a security issue (CVE-2024-27297) whereby a fixed-output
derivation build process could open a writable file descriptor to its
output, send it to some outside process for instance over an abstract
AF_UNIX socket, which would then allow said process to modify the file
in the store after it has been marked as “valid”.
Vulnerability discovered by puck <https://github.com/puckipedia>.
Nix security advisory:
https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
Nix fix:
https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9
* nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and
a file descriptor. Rewrite the ‘Path’ variant accordingly.
(copyFile, copyFileRecursively): New functions.
* nix/libutil/util.hh (copyFileRecursively): New declaration.
* nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’
is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output.
Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4
Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io>
Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88
Diffstat (limited to 'nix/libutil/util.hh')
| -rw-r--r-- | nix/libutil/util.hh | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/nix/libutil/util.hh b/nix/libutil/util.hh index 880b0e93b2..058f5f8446 100644 --- a/nix/libutil/util.hh +++ b/nix/libutil/util.hh @@ -102,6 +102,12 @@ void deletePath(const Path & path); void deletePath(const Path & path, unsigned long long & bytesFreed, size_t linkThreshold = 1); +/* Copy SOURCE to DESTINATION, recursively. Throw if SOURCE contains a file + that is not a regular file, symlink, or directory. When DELETESOURCE is + true, delete source files once they have been copied. */ +void copyFileRecursively(const Path &source, const Path &destination, + bool deleteSource = false); + /* Create a temporary directory. */ Path createTempDir(const Path & tmpRoot = "", const Path & prefix = "nix", bool includePid = true, bool useGlobalCounter = true, mode_t mode = 0755); |