summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--nix/nix-daemon/nix-daemon.cc16
1 files changed, 9 insertions, 7 deletions
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 96a4e4b773..2b89190dbe 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -648,13 +648,15 @@ static void performOp(bool trusted, unsigned int clientVersion,
         break;
 
     case wopVerifyStore: {
-	bool checkContents = readInt(from) != 0;
-	bool repair = readInt(from) != 0;
-	startWork();
-	bool errors = store->verifyStore(checkContents, repair);
-	stopWork();
-	writeInt(errors, to);
-	break;
+        bool checkContents = readInt(from) != 0;
+        bool repair = readInt(from) != 0;
+        startWork();
+        if (repair && !trusted)
+            throw Error("you are not privileged to repair paths");
+        bool errors = store->verifyStore(checkContents, repair);
+        stopWork();
+        writeInt(errors, to);
+        break;
     }
 
     default: