From: Hartmut Goebel
Date: Thu, 11 Jul 2019 22:26:09 +0200
To: 36605@debbugs.gnu.org
Subject: [bug#36605] [PATCH v4] daemon: Set ownership of kept build directories to the calling user.
Message-Id: <20190711202644.32014-1-h.goebel@crazy-compilers.com>
In-Reply-To: <58494E16.9010909@crazy-compilers.com>

Fixes .

* nix/libstore/globals.hh (Settings): Add clientUid and clientGid.
* nix/nix-daemon/nix-daemon.cc (daemonLoop): Store UID and GID of the caller in settings.
* nix/libstore/build.cc (_chown): New function.
(DerivationGoal::deleteTmpDir): Use it, change ownership of build directory if it is kept and the new owner is not root.
---
 nix/libstore/build.cc        | 21 +++++++++++++++++++++
 nix/libstore/globals.hh      |  6 ++++++
 nix/nix-daemon/nix-daemon.cc | 12 ++++++++++++
 3 files changed, 39 insertions(+)

diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc index 889ee3d..e823001 100644 --- a/nix/libstore/build.cc +++ b/nix/libstore/build.cc @@ -2631,6 +2631,21 @@ void DerivationGoal::closeLogFile() } +static void _chown(const Path & path, uid_t uid, gid_t gid) +{ + checkInterrupt(); + + if (lchown(path.c_str(), uid, gid) == -1) { + throw SysError(format("change owner and group of `%1%'") % path); + } + struct stat st = lstat(path); + if (S_ISDIR(st.st_mode)) { + for (auto & i : readDirectory(path)) + _chown(path + "/" + i.name, uid, gid); + } +} + + void DerivationGoal::deleteTmpDir(bool force) { if (tmpDir != "") { 
@@ -2639,6 +2654,12 @@ void DerivationGoal::deleteTmpDir(bool force) format("note: keeping build directory `%2%'") % drvPath % tmpDir); chmod(tmpDir.c_str(), 0755); + // Change the ownership if clientUid is set. Never change the + // ownership or the group to "root" for security reasons. + if (settings.clientUid != (uid_t) -1 && settings.clientUid != 0) { + _chown(tmpDir, settings.clientUid, + settings.clientGid != 0 ? settings.clientGid : -1); + } } else deletePath(tmpDir); diff --git a/nix/libstore/globals.hh b/nix/libstore/globals.hh index 8c07e36..7beb1a5 100644 --- a/nix/libstore/globals.hh +++ b/nix/libstore/globals.hh @@ -70,6 +70,12 @@ struct Settings { subgoal of the same goal) fails. */ bool keepGoing; + /* User and groud id of the client issuing the build request. Used to set + the owner and group of the kept temporary directories of failed + builds. */ + uid_t clientUid; + gid_t clientGid; + /* Whether, if we cannot realise the known closure corresponding to a derivation, we should try to normalise the derivation instead. */ diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc index 682f9a2..47b67d5 100644 --- a/nix/nix-daemon/nix-daemon.cc +++ b/nix/nix-daemon/nix-daemon.cc @@ -960,6 +960,18 @@ static void daemonLoop() strncpy(argvSaved[1], processName.c_str(), strlen(argvSaved[1])); } +#if defined(SO_PEERCRED) + /* Store the client's user and group for this connection. This + has to be done in the forked process since it is per + connection. */ + settings.clientUid = cred.uid; + settings.clientGid = cred.gid; +#else + /* Setting these to -1 means: do not change */ + settings.clientUid = (uid_t) -1; + settings.clientGid = (gid_t) -1; +#endif + /* Handle the connection. */ from.fd = remote; to.fd = remote;
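
Review bot: In the _chown hunk of nix/libstore/build.cc, the walk is done on path strings: lchown(path.c_str(), uid, gid), then lstat(path), then readDirectory(path) are three separate lookups of the same name. lchown only refuses to follow the final component, so if anything can still write to the kept tree while the daemon walks it, a directory replaced by a symlink between the lstat and the readDirectory would take the recursion outside tmpDir. Either walk by descriptor (open each directory with O_NOFOLLOW | O_DIRECTORY and change entries with fchownat and AT_SYMLINK_NOFOLLOW), or add a comment stating why no process of the build can still be running when deleteTmpDir reaches this call.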
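
Review bot: In the deleteTmpDir hunk, the group argument "settings.clientGid != 0 ? settings.clientGid : -1" mixes gid_t with a plain int and relies on implicit conversion to produce the "leave unchanged" value; write (gid_t) -1 so it matches the (uid_t) -1 comparison in the condition above it. The call is also not wrapped in a try block, and _chown throws SysError on the first lchown that fails, so one failure leaves the kept directory with mixed ownership and the exception leaves deleteTmpDir. Since keeping the directory is only a debugging aid, consider catching the error here and printing a warning instead.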
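
Review bot: In the globals.hh hunk, clientUid and clientGid are declared without an initial value, and the diffstat shows no other file where a Settings constructor could set them. deleteTmpDir treats (uid_t) -1 as "not set", so the fields should start at (uid_t) -1 and (gid_t) -1 explicitly; otherwise any code path that builds without passing through daemonLoop depends on whatever value the members happen to hold. Small point in the same comment: "groud id" should read "group id".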
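
Review bot: In the nix-daemon.cc hunk, cred.uid and cred.gid are read under "#if defined(SO_PEERCRED)", but cred is neither declared nor filled in within the visible context. Please confirm that it is in scope at this point under the same guard and that the earlier lookup succeeded for this connection; if that lookup can fail, set both fields to -1 in that case as the #else branch does, so that deleteTmpDir skips the ownership change rather than using stale or default values.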