pkgs/build-support/setup-hooks/audit-tmpdir.sh

   1 # Check whether RPATHs or wrapper scripts contain references to
   2 # $TMPDIR. This is a serious security bug because it allows any user
   3 # to inject files into search paths of other users' processes.
   4 #
   5 # It might be better to have Nix scan build output for any occurrence
   6 # of $TMPDIR (which would also be good for reproducibility), but at
   7 # the moment that would produce too many spurious errors (e.g. debug
   8 # info or assertion messages that refer to $TMPDIR).
   9
  10 fixupOutputHooks+=('if [[ -z "${noAuditTmpdir-}" && -e "$prefix" ]]; then auditTmpdir "$prefix"; fi')
  11
  12 auditTmpdir() {
  13     local dir="$1"
  14     [ -e "$dir" ] || return 0
  15
  16     echo "checking for references to $TMPDIR/ in $dir..."
  17
  18     local i
  19     find "$dir" -type f -print0 | while IFS= read -r -d $'\0' i; do
  20         if [[ "$i" =~ .build-id ]]; then continue; fi
  21
  22         if isELF "$i"; then
  23             if { printf :; patchelf --print-rpath "$i"; } | grep -q -F ":$TMPDIR/"; then
  24                 echo "RPATH of binary $i contains a forbidden reference to $TMPDIR/"
  25                 exit 1
  26             fi
  27         fi
  28
  29         if isScript "$i"; then
  30             if [ -e "$(dirname "$i")/.$(basename "$i")-wrapped" ]; then
  31                 if grep -q -F "$TMPDIR/" "$i"; then
  32                     echo "wrapper script $i contains a forbidden reference to $TMPDIR/"
  33                     exit 1
  34                 fi
  35             fi
  36         fi
  37
  38     done
  39 }