summary refs log tree commit diff
diff options
context:
space:
mode:
authorEelco Dolstra <e.dolstra@tudelft.nl>2007-01-24 13:31:20 +0000
committerEelco Dolstra <e.dolstra@tudelft.nl>2007-01-24 13:31:20 +0000
commit84a84afb0ec60551c606fa95699afb6153465704 (patch)
tree082ad3b91828660f52b070165196a4f37102694e
parentfac63d6416ae0f7aec6c986d9d258b25047a24e2 (diff)
downloadguix-84a84afb0ec60551c606fa95699afb6153465704.tar.gz
* Nasty: Glibc clears the TMPDIR environment variable in setuid
  programs, so if a builder uses TMPDIR, then it will fail when
  executed through nix-setuid-helper.  In fact Glibc clears a whole
  bunch of variables (see sysdeps/generic/unsecvars.h in the Glibc
  sources), but only TMPDIR should matter in practice.  As a
  workaround, we reinitialise TMPDIR from NIX_BUILD_TOP.

-rw-r--r--src/nix-setuid-helper/nix-setuid-helper.cc9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/nix-setuid-helper/nix-setuid-helper.cc b/src/nix-setuid-helper/nix-setuid-helper.cc
index 168cff40a3..ffb2abc1f1 100644
--- a/src/nix-setuid-helper/nix-setuid-helper.cc
+++ b/src/nix-setuid-helper/nix-setuid-helper.cc
@@ -128,8 +128,15 @@ static void runBuilder(uid_t uidNix, gid_t gidBuildUsers,
     for (int i = 0; i < argc; ++i)
         args.push_back(argv[i]);
     args.push_back(0);
+
+    environ = env;
+
+    /* Glibc clears TMPDIR in setuid programs (see
+       sysdeps/generic/unsecvars.h in the Glibc sources), so bring it
+       back. */
+    setenv("TMPDIR", getenv("NIX_BUILD_TOP"), 1);
     
-    if (execve(program.c_str(), (char * *) &args[0], env) == -1)
+    if (execv(program.c_str(), (char * *) &args[0]) == -1)
         throw SysError(format("cannot execute `%1%'") % program);
 }