Don't resolve symlinks while checking __impureHostDeps

Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix.
2015-01-13 11:16:32 +01:00 · 2015-01-13 11:16:32 +01:00 · 100961e370
parent f1151a3373
commit 100961e370
1 changed files with 5 additions and 2 deletions
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@ -1784,10 +1784,13 @@ void DerivationGoal::startBuilder()

        for (auto & i : impurePaths) {
            bool found = false;
-            Path canonI = canonPath(i, true);
+            /* Note: we're not resolving symlinks here to prevent
+               giving a non-root user info about inaccessible
+               files. */
+            Path canonI = canonPath(i);
            /* If only we had a trie to do this more efficiently :) luckily, these are generally going to be pretty small */
            for (auto & a : allowedPaths) {
-                Path canonA = canonPath(a, true);
+                Path canonA = canonPath(a);
                if (canonI == canonA || isInDir(canonI, canonA)) {
                    found = true;
                    break;