picnoir/nix-gh
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Don't let unprivileged users repair paths

Browse source
This commit is contained in:
Eelco Dolstra 2015-06-02 02:21:54 +02:00
parent 7106bb0611
commit d8ddf994e7
1 changed files with 9 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/nix-daemon/nix-daemon.cc
View file

@ -520,13 +520,15 @@ static void performOp(bool trusted, unsigned int clientVersion,
break;
case wopVerifyStore: {
bool checkContents = readInt(from) != 0;
bool repair = readInt(from) != 0;
startWork();
bool errors = store->verifyStore(checkContents, repair);
stopWork();
writeInt(errors, to);
break;
bool checkContents = readInt(from) != 0;
bool repair = readInt(from) != 0;
startWork();
if (repair && !trusted)
throw Error("you are not privileged to repair paths");
bool errors = store->verifyStore(checkContents, repair);
stopWork();
writeInt(errors, to);
break;
}
default: