mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-30 01:26:15 +02:00
Don't do vfork in conjunction with setuid
This commit is contained in:
parent
0e8fc118b3
commit
851b47bd7d
2 changed files with 5 additions and 0 deletions
|
@ -1914,6 +1914,8 @@ void DerivationGoal::startBuilder()
|
||||||
builderOut.create();
|
builderOut.create();
|
||||||
|
|
||||||
/* Fork a child to build the package. */
|
/* Fork a child to build the package. */
|
||||||
|
ProcessOptions options;
|
||||||
|
options.allowVfork = !buildUser.enabled();
|
||||||
pid = startProcess([&]() {
|
pid = startProcess([&]() {
|
||||||
runChild();
|
runChild();
|
||||||
});
|
});
|
||||||
|
|
|
@ -825,6 +825,9 @@ void killUser(uid_t uid)
|
||||||
users to which the current process can send signals. So we
|
users to which the current process can send signals. So we
|
||||||
fork a process, switch to uid, and send a mass kill. */
|
fork a process, switch to uid, and send a mass kill. */
|
||||||
|
|
||||||
|
ProcessOptions options;
|
||||||
|
options.allowVfork = false;
|
||||||
|
|
||||||
Pid pid = startProcess([&]() {
|
Pid pid = startProcess([&]() {
|
||||||
|
|
||||||
if (setuid(uid) == -1)
|
if (setuid(uid) == -1)
|
||||||
|
|
Loading…
Reference in a new issue