bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)

[Ludovic Courtès]

Ludovic Courtès <address@hidden> skribis:

> Looks like we’ll need to do something similar to:
> <https://github.com/NixOS/nix/pull/3136/commits/5a303093dcae1e5ce9212616ef18f2ca51020b0d>.

Compared to the Nix build daemon, our daemon can accept connections over
TCP in addition to Unix-domain sockets, so the bit that does:

  store->createUser(userName, userId);

won’t work in that context (it would create ‘per-user/root’.)

I don’t see how to let the daemon create ‘per-user/$USER’ on behalf of
the client for clients connecting over TCP.  Or we’d need to add a
challenge mechanism or authentication.

Thoughts?

Ludo’.