Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix env-vars beeing written to /tmp #11713

Merged
merged 1 commit into from
Oct 22, 2024
Merged

fix env-vars beeing written to /tmp #11713

merged 1 commit into from
Oct 22, 2024
+14 −12

Conversation

Mic92
Copy link
Member

@Mic92 Mic92 commented Oct 18, 2024
edited
Loading

Current status: works on my machine

This overall seems like insecure tmp file handling to me. Because other users could replace files in /tmp with a symlink and make the nix-shell override other files.

fixes #11470

@Mic92 Mic92 mentioned this pull request Oct 18, 2024
Closed
@Mic92 Mic92 force-pushed the env-vars branch 2 times, most recently from 09929cf to 9dc73a7 Compare October 21, 2024 12:26
@Mic92 Mic92 marked this pull request as ready for review October 21, 2024 12:47
@Mic92 Mic92 added the backport 2.24-maintenance Automatically creates a PR against the branch label Oct 21, 2024
@github-actions github-actions bot added the store Issues and pull requests concerning the Nix store label Oct 22, 2024
@Mic92 Mic92 force-pushed the env-vars branch 2 times, most recently from 6316c5a to 5d83991 Compare October 22, 2024 07:33
@Mic92
fix env-vars beeing written to /tmp
2105574 
This overall seems like insecure tmp file handling to me. Because other
users could replace files in /tmp with a symlink and make the nix-shell
override other files.

fixes NixOS#11470
@github-actions github-actions bot added the with-tests Issues related to testing. PRs with tests have some priority label Oct 22, 2024
@Mic92
Copy link
Member Author

Mic92 commented Oct 22, 2024

Added a test.

@edolstra edolstra merged commit c2cf01a into NixOS:master Oct 22, 2024
11 checks passed
@mergify mergify bot mentioned this pull request Oct 22, 2024
Merged
edolstra added a commit that referenced this pull request Oct 22, 2024
@edolstra
Merge pull request #11730 from NixOS/mergify/bp/2.24-maintenance/pr-1…
7718688 
…1713

fix env-vars beeing written to `/tmp` (backport #11713)
@Mic92 Mic92 deleted the env-vars branch October 22, 2024 16:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edolstra edolstra edolstra left review comments

@roberth roberth roberth left review comments

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314

Assignees
No one assigned
Labels
backport 2.24-maintenance Automatically creates a PR against the branch store Issues and pull requests concerning the Nix store with-tests Issues related to testing. PRs with tests have some priority
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

/tmp/env-vars not cleaned up, and owned by root
3 participants
@Mic92 @roberth @edolstra