Allow using /bin and /usr/bin as impure prefixes on non-darwin by default

These directories are generally world-readable anyway, and give us the two most common linux impurities (env and sh)
2015-01-13 09:40:11 -05:00 · 2015-01-13 09:40:11 -05:00 · 79ca503332
parent fcf57aad27
commit 79ca503332
1 changed files with 1 additions and 1 deletions
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@ -56,7 +56,7 @@
    #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library/Frameworks /usr/lib /dev /bin/sh"
 #else
    #define SANDBOX_ENABLED 0
-    #define DEFAULT_ALLOWED_IMPURE_PREFIXES ""
+    #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/bin" "/usr/bin"
 #endif

 #if CHROOT_ENABLED