mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-26 15:56:18 +02:00
Don't do vfork in conjunction with setuid
This commit is contained in:
parent
0e8fc118b3
commit
851b47bd7d
2 changed files with 5 additions and 0 deletions
|
@ -1914,6 +1914,8 @@ void DerivationGoal::startBuilder()
|
|||
builderOut.create();
|
||||
|
||||
/* Fork a child to build the package. */
|
||||
ProcessOptions options;
|
||||
options.allowVfork = !buildUser.enabled();
|
||||
pid = startProcess([&]() {
|
||||
runChild();
|
||||
});
|
||||
|
|
|
@ -825,6 +825,9 @@ void killUser(uid_t uid)
|
|||
users to which the current process can send signals. So we
|
||||
fork a process, switch to uid, and send a mass kill. */
|
||||
|
||||
ProcessOptions options;
|
||||
options.allowVfork = false;
|
||||
|
||||
Pid pid = startProcess([&]() {
|
||||
|
||||
if (setuid(uid) == -1)
|
||||
|
|
Loading…
Reference in a new issue