mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-10 08:16:15 +02:00
* Set the umask to known value (0022). This is important in a
setuid installation, since the calling user may have a more fascist umask (say, 0077), which would cause the store objects built by Nix to be unreadable to anyone other than the Nix user.
This commit is contained in:
parent
550d960586
commit
e043fc7d0b
1 changed files with 6 additions and 0 deletions
|
@ -91,6 +91,12 @@ static void initAndRun(int argc, char * * argv)
|
||||||
if (sigaction(SIGPIPE, &act, &oact))
|
if (sigaction(SIGPIPE, &act, &oact))
|
||||||
throw SysError("ignoring SIGPIPE");
|
throw SysError("ignoring SIGPIPE");
|
||||||
|
|
||||||
|
/* There is no privacy in the Nix system ;-) At least not for
|
||||||
|
now. In particular, store objects should be readable by
|
||||||
|
everybody. This prevents nasty surprises when using a shared
|
||||||
|
store (with the setuid() hack). */
|
||||||
|
umask(0022);
|
||||||
|
|
||||||
/* Process the NIX_LOG_TYPE environment variable. */
|
/* Process the NIX_LOG_TYPE environment variable. */
|
||||||
string lt = getEnv("NIX_LOG_TYPE");
|
string lt = getEnv("NIX_LOG_TYPE");
|
||||||
if (lt != "") setLogType(lt);
|
if (lt != "") setLogType(lt);
|
||||||
|
|
Loading…
Reference in a new issue