/tmp/env-vars not cleaned up, and owned by root #11470

Closed
bobrippling opened this issue Sep 10, 2024 · 7 comments · Fixed by #11713
@bobrippling

Describe the bug

I see an error about /tmp/env-vars not being removable:

$ nix-shell -p bash
this path will be fetched (0.06 MiB download, 0.31 MiB unpacked):
  /nix/store/9r03kc5pg7ipi4yimkj386jsf34dxcpx-bash-5.2p32-dev
copying path '/nix/store/9r03kc5pg7ipi4yimkj386jsf34dxcpx-bash-5.2p32-dev' from 'https://cache.nixos.org'...
install: cannot remove '/tmp/env-vars': Operation not permitted

(ins)[nix-shell:~]$

Specifically: install: cannot remove '/tmp/env-vars': Operation not permitted

$ ls -l /tmp/env-vars
-rw------- 1 root root 6515 Sep  2 05:27 /tmp/env-vars

Steps To Reproduce

  1. See above description - any execution of nix-shell
  2. See error above

Expected behavior

No error about /tmp/env-vars is emitted

nix-env --version output

nix-env (Nix) 2.18.5

Additional context

I believe this is where the error occurs

See also this old issue: #262

Priorities

Add 👍 to issues you find important.

@voidzero

voidzero commented Oct 9, 2024

I have this issue too. Additionally, though not sure if this is related, /etc/nix/path is no longer being generated by nixos-rebuild.

@voidzero

voidzero commented Oct 9, 2024

Highlighting @flokli (thanks)

@Ruhrozz

Ruhrozz commented Oct 11, 2024

same problem here

@interroobang

Same problem here... I'm just trying to make a multimonitor setup on the tty framebuffer... I couldn't use nix-shell now...

@Artturin
Member

Artturin commented Oct 17, 2024

Maybe caused by the same commit as #11473
But the fix will be different.

@Mic92
Member

Mic92 commented Oct 18, 2024

So nix develop creates a temporary directory for NIX_BUILD_TOP. I think nix-shell should do the same.
The current workaround is to do this: TEMP=$PWD nix-shell -p bash

Mic92 added a commit to Mic92/nix-1 that referenced this issue Oct 18, 2024
This overall seems like insecure tmp file handling to me. Because other
users could replace files in /tmp with a symlink and make the nix-shell
override other files.

fixes NixOS#11470
@Mic92
Member

Mic92 commented Oct 18, 2024

I think we need something like this: #11713

mergify bot pushed a commit that referenced this issue Oct 22, 2024
This overall seems like insecure tmp file handling to me. Because other
users could replace files in /tmp with a symlink and make the nix-shell
override other files.

fixes #11470

(cherry picked from commit 2105574)
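
The per-invocation temporary directory suggested in the thread, sketched in C as an added example (not code from Nix or from #11713). The function names and the `nix-shell-example.` prefix are hypothetical; `create_exclusive` shows that a stale file or planted symlink at a fixed name is refused rather than followed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create a private directory with an unpredictable name
 * under `base` (mkdtemp makes it mode 0700), then create env-vars inside it.
 * Returns 0 and fills `out` with the file path, or -1 on error. */
int write_env_private(const char *base, const char *data, char *out, size_t n)
{
    char dir[PATH_MAX];
    if (snprintf(dir, sizeof dir, "%s/nix-shell-example.XXXXXX", base) >= (int)sizeof dir)
        return -1;
    if (mkdtemp(dir) == NULL || snprintf(out, n, "%s/env-vars", dir) >= (int)n)
        return -1;
    /* O_EXCL refuses anything already at the path; O_NOFOLLOW refuses symlinks. */
    int fd = open(out, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    ssize_t w = write(fd, data, strlen(data));
    return (close(fd) == 0 && w == (ssize_t)strlen(data)) ? 0 : -1;
}

/* Exclusive create at a fixed name: returns 0, or errno (EEXIST when a stale
 * file or a planted symlink already occupies the name). */
int create_exclusive(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Remove the file and its private directory once the shell no longer needs them. */
int cleanup_env_private(const char *path)
{
    char dir[PATH_MAX];
    snprintf(dir, sizeof dir, "%s", path);
    char *slash = strrchr(dir, '/');
    if (slash == NULL || unlink(path) != 0)
        return -1;
    *slash = '\0';
    return rmdir(dir);
}
```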