authorEelco Dolstra <eelco.dolstra@logicblox.com>2015-06-02 02:21:54 +0200
committerLudovic Courtès <ludo@gnu.org>2015-06-03 22:06:28 +0200
commite531520ddcd54903bbea0f3ce08dfbed830f40aa (patch)
tree51da0411bf211966d1c44838c45747a874023c7b
parent715478fe09a73cec70f5c6f869cac482f004596f (diff)
Don't let unprivileged users repair paths
-rw-r--r--nix/nix-daemon/nix-daemon.cc16
1 files changed, 9 insertions, 7 deletions
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 96a4e4b773..2b89190dbe 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -648,13 +648,15 @@ static void performOp(bool trusted, unsigned int clientVersion,
         break;
 
     case wopVerifyStore: {
-	bool checkContents = readInt(from) != 0;
-	bool repair = readInt(from) != 0;
-	startWork();
-	bool errors = store->verifyStore(checkContents, repair);
-	stopWork();
-	writeInt(errors, to);
-	break;
+        bool checkContents = readInt(from) != 0;
+        bool repair = readInt(from) != 0;
+        startWork();
+        if (repair && !trusted)
+            throw Error("you are not privileged to repair paths");
+        bool errors = store->verifyStore(checkContents, repair);
+        stopWork();
+        writeInt(errors, to);
+        break;
     }
 
     default:
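Review bot: The new `if (repair && !trusted)` guard is the only thing between a client-supplied flag (`repair` is read straight off the connection with `readInt(from)`) and `store->verifyStore(checkContents, repair)`, yet it has no comment and sits inside a tab-to-space reindent of the whole case body, so it is easy to lose in a later refactor. I would add a comment above it such as `/* Repair replaces the contents of store paths, so only trusted clients may request it; plain verification stays open to everyone. */` and keep the whitespace change in a separate commit. performOp continues outside this hunk, so it is worth confirming that any other operation there that accepts a repair request from the client applies the same `trusted` check. The throw sits after `startWork()`; presumably that is deliberate so the error is relayed to the client, but the handler that does so is not visible here.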