mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-21 04:49:01 +02:00
nixos/security/wrappers: read capabilities off /proc/self/exe directly
/proc/self/exe is a "fake" symlink. When it's opened, it always opens the actual file that was execve()d in this process, even if the file was deleted or renamed; if the file is no longer accessible from the current chroot/mount namespace it will at the very worst fail and never open the wrong file. Thus, we can make a much simpler argument that we're reading capabilities off the correct file after this change (and that argument doesn't rely on things such as protected_hardlinks being enabled, or no users being able to write to /run/wrappers, or the verification that the path readlink returns starts with /run/wrappers/).
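To make the argument in the commit message concrete, the following is an added example in C. It is not nixpkgs code and not the wrapper's own implementation of make_caps_ambient: it opens /proc/self/exe, compares the inode behind that descriptor with an arbitrary path, and reads and decodes the security.capability xattr off the same descriptor by hand instead of linking libcap. The on-disk layout follows struct vfs_cap_data from linux/capability.h; the 20-byte sample xattr near the end is constructed for the example, and the function names are assumptions, not names from the wrapper.

```c
/* Added example (not nixpkgs code): open the running executable via
 * /proc/self/exe and read its file capabilities off that descriptor. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/xattr.h>
#include <unistd.h>

/* Constants from linux/capability.h for struct vfs_cap_data. */
#define VFS_CAP_REVISION_MASK   0xFF000000u
#define VFS_CAP_REVISION_1      0x01000000u
#define VFS_CAP_REVISION_2      0x02000000u
#define VFS_CAP_REVISION_3      0x03000000u
#define VFS_CAP_FLAGS_EFFECTIVE 0x00000001u

/* Open the binary this process was execve()d from. The kernel resolves the
 * magic link to the executed inode itself, so the result does not depend on
 * the original path still existing or still pointing at the same file. */
int open_self_exe(void) {
    return open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
}

/* Compare the executed inode with a path: 1 if identical, 0 if not, -1 on error.
 * This is the check a readlink()-based approach has to make by string prefix. */
int self_exe_matches(const char *path) {
    struct stat self, other;
    int fd = open_self_exe();
    if (fd < 0) return -1;
    int rc = fstat(fd, &self);
    close(fd);
    if (rc < 0 || stat(path, &other) < 0) return -1;
    return self.st_dev == other.st_dev && self.st_ino == other.st_ino;
}

/* Read the raw security.capability xattr off an open fd. Returns the number of
 * bytes, 0 if the file carries no capabilities (ENODATA), -1 on other errors. */
ssize_t read_caps_xattr(int fd, unsigned char *buf, size_t len) {
    ssize_t n = fgetxattr(fd, "security.capability", buf, len);
    if (n < 0 && errno == ENODATA) return 0;
    return n;
}

static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode struct vfs_cap_data (revision 1, 2 or 3): magic_etc, then
 * {permitted, inheritable} little-endian u32 pairs, low word first.
 * Returns 0 on success, -1 if the blob is malformed for its revision. */
int parse_vfs_cap(const unsigned char *buf, size_t len,
                  uint64_t *permitted, uint64_t *inheritable, int *effective) {
    if (len < 12) return -1;
    uint32_t magic = le32(buf);
    size_t words;
    switch (magic & VFS_CAP_REVISION_MASK) {
    case VFS_CAP_REVISION_1: words = 1; if (len != 12) return -1; break;
    case VFS_CAP_REVISION_2: words = 2; if (len != 20) return -1; break;
    case VFS_CAP_REVISION_3: words = 2; if (len != 24) return -1; break; /* + rootid */
    default: return -1;
    }
    *permitted = 0;
    *inheritable = 0;
    for (size_t i = 0; i < words; i++) {
        *permitted   |= (uint64_t)le32(buf + 4 + 8 * i) << (32 * i);
        *inheritable |= (uint64_t)le32(buf + 8 + 8 * i) << (32 * i);
    }
    *effective = (magic & VFS_CAP_FLAGS_EFFECTIVE) != 0;
    return 0;
}

/* Constructed sample: a revision-2 xattr granting CAP_NET_BIND_SERVICE (bit 10)
 * as permitted and effective, i.e. what `setcap cap_net_bind_service=ep` writes. */
static const unsigned char sample_cap_xattr[20] = {
    0x01, 0x00, 0x00, 0x02,  /* magic_etc: revision 2 | VFS_CAP_FLAGS_EFFECTIVE */
    0x00, 0x04, 0x00, 0x00,  /* data[0].permitted   = 1 << 10 */
    0x00, 0x00, 0x00, 0x00,  /* data[0].inheritable */
    0x00, 0x00, 0x00, 0x00,  /* data[1].permitted */
    0x00, 0x00, 0x00, 0x00,  /* data[1].inheritable */
};

int main(void) {
    unsigned char buf[64];
    uint64_t p, i;
    int e;
    int fd = open_self_exe();
    if (fd < 0) { perror("open /proc/self/exe"); return 1; }
    ssize_t n = read_caps_xattr(fd, buf, sizeof buf);
    close(fd);
    if (n < 0) { perror("fgetxattr"); return 1; }
    if (n == 0) puts("running binary carries no file capabilities");
    else if (parse_vfs_cap(buf, (size_t)n, &p, &i, &e) == 0)
        printf("permitted=%#llx inheritable=%#llx effective=%d\n",
               (unsigned long long)p, (unsigned long long)i, e);
    parse_vfs_cap(sample_cap_xattr, sizeof sample_cap_xattr, &p, &i, &e);
    printf("sample: permitted=%#llx effective=%d\n", (unsigned long long)p, e);
    return 0;
}
```

Because the xattr is read from the descriptor returned by open("/proc/self/exe") rather than from a path, there is no window between resolving a path and opening it in which the file could be swapped; if /proc is not mounted in the current namespace the open simply fails, which is the fail-closed behaviour the commit message describes.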
parent 1bdbc0b0fe
commit e3550208de
@ -236,7 +236,7 @@ int main(int argc, char **argv) {
// Read the capabilities set on the wrapper and raise them in to
// the ambient set so the program we're wrapping receives the
// capabilities too!
if (make_caps_ambient(self_path) != 0) {
if (make_caps_ambient("/proc/self/exe") != 0) {
free(self_path);
return 1;
}
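Review bot: the failure branch still calls free(self_path), so self_path is evidently still being computed via readlink even though make_caps_ambient no longer takes it; either drop the readlink-derived path together with the /run/wrappers/ prefix verification the commit message says is no longer relied on (if nothing else in main consumes it), or keep it and update the comment above this call, which still reads as though the wrapper's own path were being opened, to say why the capability read deliberately goes through "/proc/self/exe". One sentence there would also help the next reader: when the executed file is not reachable from the current mount namespace (for example because /proc is not mounted), the open fails and the wrapper returns 1, which is the intended fail-closed behaviour rather than a bug.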