nixpkgs

History

Andreas Rammhold 9630d5c07f nixos/security/wrapper: ensure the tmpfs is not world writeable The /run/wrapper directory is a tmpfs. Unfortunately, it's mounted with its root directory has the standard (for tmpfs) mode: 1777 (world writeable, sticky -- the standard mode of shared temporary directories). This means that every user can create new files and subdirectories there, but can't move/delete/rename files that belong to other users.	2020-09-28 22:55:20 +02:00
..
default.nix	nixos/security/wrapper: ensure the tmpfs is not world writeable	2020-09-28 22:55:20 +02:00
wrapper.c	wrapper.c: fixup includes to work w/musl	2018-03-25 18:06:02 -05:00

Andreas Rammhold 9630d5c07f

nixos/security/wrapper: ensure the tmpfs is not world writeable

The /run/wrapper directory is a tmpfs. Unfortunately, it's mounted with
its root directory has the standard (for tmpfs) mode: 1777 (world writeable,
sticky -- the standard mode of shared temporary directories). This means that
every user can create new files and subdirectories there, but can't
move/delete/rename files that belong to other users.

2020-09-28 22:55:20 +02:00

default.nix

nixos/security/wrapper: ensure the tmpfs is not world writeable

2020-09-28 22:55:20 +02:00

wrapper.c

wrapper.c: fixup includes to work w/musl

2018-03-25 18:06:02 -05:00