2017-05-04 19:06:40 +01:00
|
|
|
# Check whether RPATHs or wrapper scripts contain references to
|
|
|
|
# $TMPDIR. This is a serious security bug because it allows any user
|
|
|
|
# to inject files into search paths of other users' processes.
|
|
|
|
#
|
|
|
|
# It might be better to have Nix scan build output for any occurrence
|
|
|
|
# of $TMPDIR (which would also be good for reproducibility), but at
|
|
|
|
# the moment that would produce too many spurious errors (e.g. debug
|
|
|
|
# info or assertion messages that refer to $TMPDIR).
|
|
|
|
|
|
|
|
fixupOutputHooks+=('if [ -z "$noAuditTmpdir" -a -e "$prefix" ]; then auditTmpdir "$prefix"; fi')
|
|
|
|
|
|
|
|
auditTmpdir() {
|
|
|
|
local dir="$1"
|
|
|
|
[ -e "$dir" ] || return 0
|
|
|
|
|
2018-11-16 21:35:56 +00:00
|
|
|
header "checking for references to $TMPDIR/ in $dir..."
|
2017-05-04 19:06:40 +01:00
|
|
|
|
|
|
|
local i
|
|
|
|
while IFS= read -r -d $'\0' i; do
|
|
|
|
if [[ "$i" =~ .build-id ]]; then continue; fi
|
|
|
|
|
|
|
|
if isELF "$i"; then
|
2018-12-01 15:16:01 +00:00
|
|
|
if { printf :; patchelf --print-rpath "$i"; } | grep -q -F ":$TMPDIR/"; then
|
2018-11-16 21:35:56 +00:00
|
|
|
echo "RPATH of binary $i contains a forbidden reference to $TMPDIR/"
|
2017-05-04 19:06:40 +01:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2018-12-02 10:34:26 +00:00
|
|
|
if isScript "$i"; then
|
2018-08-20 18:44:29 +01:00
|
|
|
if [ -e "$(dirname "$i")/.$(basename "$i")-wrapped" ]; then
|
2018-11-16 21:35:56 +00:00
|
|
|
if grep -q -F "$TMPDIR/" "$i"; then
|
|
|
|
echo "wrapper script $i contains a forbidden reference to $TMPDIR/"
|
2017-05-04 19:06:40 +01:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
done < <(find "$dir" -type f -print0)
|
|
|
|
|
|
|
|
stopNest
|
|
|
|
}
|