Author: eelco
Date: Wed Jul 20 12:15:40 2011
New Revision: 27840
URL: https://svn.nixos.org/websvn/nix/?rev=27840&sc=1

Log:
* Added a test that makes sure that users cannot register
  specially-crafted derivations that produce output paths belonging to
  other derivations.  This could be used to inject malware into the
  store.

Added:
   nix/trunk/tests/secure-drv-outputs.nix
   nix/trunk/tests/secure-drv-outputs.sh
Modified:
   nix/trunk/tests/Makefile.am

Modified: nix/trunk/tests/Makefile.am
==============================================================================
--- nix/trunk/tests/Makefile.am Wed Jul 20 12:13:07 2011        (r27839)
+++ nix/trunk/tests/Makefile.am Wed Jul 20 12:15:40 2011        (r27840)
@@ -8,7 +8,7 @@
   referrers.sh user-envs.sh logging.sh nix-build.sh misc.sh fixed.sh \
   gc-runtime.sh install-package.sh check-refs.sh filter-source.sh \
   remote-store.sh export.sh export-graph.sh negative-caching.sh \
-  binary-patching.sh timeout.sh
+  binary-patching.sh timeout.sh secure-drv-outputs.sh
 
 XFAIL_TESTS =
 
@@ -34,5 +34,6 @@
   negative-caching.nix \
   binary-patching.nix \
   timeout.nix timeout.builder.sh \
+  secure-drv-outputs.nix \
   $(wildcard lang/*.nix) $(wildcard lang/*.exp) $(wildcard lang/*.exp.xml) 
$(wildcard lang/*.flags) \
   common.sh.in

Added: nix/trunk/tests/secure-drv-outputs.nix
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ nix/trunk/tests/secure-drv-outputs.nix      Wed Jul 20 12:15:40 2011        
(r27840)
@@ -0,0 +1,23 @@
+with import ./config.nix;
+
+{
+
+  good = mkDerivation {
+    name = "good";
+    builder = builtins.toFile "builder"
+      ''
+        mkdir $out
+        touch $out/good
+      '';
+  };
+
+  bad = mkDerivation {
+    name = "good";
+    builder = builtins.toFile "builder"
+      ''
+        mkdir $out
+        touch $out/bad
+      '';
+  };
+
+}
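Review bot: The `bad` attribute sets `name = "good"`, the same name as the `good` derivation, with no comment, so it reads like a copy-paste slip even though it is presumably deliberate (the store path embeds the name, so the rewritten derivation is meant to look like the real one). A one-line comment above that attribute would settle it, e.g. `# Same name as "good" on purpose: the .sh test rewrites this derivation to claim good's output path.` The builder bodies differ only in the file they `touch`, which is what the shell test later checks, so that is worth stating as well.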

Added: nix/trunk/tests/secure-drv-outputs.sh
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ nix/trunk/tests/secure-drv-outputs.sh       Wed Jul 20 12:15:40 2011        
(r27840)
@@ -0,0 +1,37 @@
+# Test that users cannot register specially-crafted derivations that
+# produce output paths belonging to other derivations.  This could be
+# used to inject malware into the store.
+
+source common.sh
+
+clearStore
+clearManifests
+
+startDaemon
+
+# Determine the output path of the "good" derivation.
+goodOut=$($nixstore -q $($nixinstantiate ./secure-drv-outputs.nix -A good))
+
+# Instantiate the "bad" derivation.
+badDrv=$($nixinstantiate ./secure-drv-outputs.nix -A bad)
+badOut=$($nixstore -q $badDrv)
+
+# Rewrite the bad derivation to produce the output path of the good
+# derivation.
+rm -f $TEST_ROOT/bad.drv
+sed -e "s|$badOut|$goodOut|g" < $badDrv > $TEST_ROOT/bad.drv
+
+# Add the manipulated derivation to the store and build it.  This
+# should fail.
+if badDrv2=$($nixstore --add $TEST_ROOT/bad.drv); then
+    $nixstore -r "$badDrv2"
+fi
+
+# Now build the good derivation.
+goodOut2=$($nixbuild ./secure-drv-outputs.nix -A good)
+test "$goodOut" = "$goodOut2"
+
+if ! test -e "$goodOut"/good; then
+    echo "Bad derivation stole the output path of the good derivation!"
+    exit 1
+fi
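Review bot: The comment says the add-and-build of the manipulated derivation "should fail", but the `if badDrv2=$(...)` block never asserts that: a failing `--add` silently skips the branch, and a failing `$nixstore -r "$badDrv2"` is either ignored or, if common.sh enables `set -e`, aborts the whole test as a failure even though that rejection is the desired outcome. Only the final `test -e "$goodOut"/good` catches the worst case, where the bad build succeeded and claimed the path. Make the expectation explicit by replacing the bare `$nixstore -r "$badDrv2"` with `if $nixstore -r "$badDrv2"; then echo "manipulated derivation was built!"; exit 1; fi`. Since `startDaemon` runs first, the `--add` here goes through the daemon, which is the trust boundary the output-path check must hold at; a comment noting that the test is deliberately exercising the daemon path would help the next reader.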