diff options
| author | Alyssa Ross <hi@alyssa.is> | 2024-03-22 16:41:59 +0100 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2024-03-22 16:41:59 +0100 |
| commit | 46a88117a05c3469af5d99433af140c3de8ca088 (patch) | |
| tree | d7f0557756d8f07a3081b3498c05ddc5a8ad429d /nixpkgs/pkgs/tools/package-management | |
| parent | e97457545cea0b2ca421da257c83d8f1ef451d85 (diff) | |
| parent | a343533bccc62400e8a9560423486a3b6c11a23b (diff) | |
| download | nixlib-46a88117a05c3469af5d99433af140c3de8ca088.tar nixlib-46a88117a05c3469af5d99433af140c3de8ca088.tar.gz nixlib-46a88117a05c3469af5d99433af140c3de8ca088.tar.bz2 nixlib-46a88117a05c3469af5d99433af140c3de8ca088.tar.lz nixlib-46a88117a05c3469af5d99433af140c3de8ca088.tar.xz nixlib-46a88117a05c3469af5d99433af140c3de8ca088.tar.zst nixlib-46a88117a05c3469af5d99433af140c3de8ca088.zip | |
Merge commit 'a343533bccc62400e8a9560423486a3b6c11a23b'
Diffstat (limited to 'nixpkgs/pkgs/tools/package-management')
12 files changed, 1229 insertions, 35 deletions
diff --git a/nixpkgs/pkgs/tools/package-management/deploy-rs/default.nix b/nixpkgs/pkgs/tools/package-management/deploy-rs/default.nix index 72eacb558bb8..ad656ca385e4 100644 --- a/nixpkgs/pkgs/tools/package-management/deploy-rs/default.nix +++ b/nixpkgs/pkgs/tools/package-management/deploy-rs/default.nix @@ -8,16 +8,16 @@ rustPlatform.buildRustPackage { pname = "deploy-rs"; - version = "unstable-2023-12-20"; + version = "unstable-2024-02-16"; src = fetchFromGitHub { owner = "serokell"; repo = "deploy-rs"; - rev = "b709d63debafce9f5645a5ba550c9e0983b3d1f7"; - hash = "sha256-0VUbWBW8VyiDRuimMuLsEO4elGuUw/nc2WDeuO1eN1M="; + rev = "0a0187794ac7f7a1e62cda3dabf8dc041f868790"; + hash = "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE="; }; - cargoHash = "sha256-PVeCB1g3JSYE6PKWHyE3hfN/CKlb9XErt8uaD/ZyxIs="; + cargoHash = "sha256-Vo/45cZM/sBAaoikhEwCvduhMQjurwSZwCjwrIQn7IA="; buildInputs = lib.optionals stdenv.isDarwin [ CoreServices diff --git a/nixpkgs/pkgs/tools/package-management/dnf5/default.nix b/nixpkgs/pkgs/tools/package-management/dnf5/default.nix index 129b98867cb0..fc22001a5192 100644 --- a/nixpkgs/pkgs/tools/package-management/dnf5/default.nix +++ b/nixpkgs/pkgs/tools/package-management/dnf5/default.nix @@ -30,7 +30,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "dnf5"; - version = "5.1.13"; + version = "5.1.14"; outputs = [ "out" "man" ]; @@ -38,7 +38,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "rpm-software-management"; repo = "dnf5"; rev = finalAttrs.version; - hash = "sha256-6fgQA9L6yBDdtCzxPg+EyxERr/dzW1PWVaT1+lRCXmo="; + hash = "sha256-LVemkL3Ysv2hS0/c+ZTqzEKq3kFu+T1rEBwZpjssE2k="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/package-management/dpkg/default.nix b/nixpkgs/pkgs/tools/package-management/dpkg/default.nix index 59e259541992..b286a7b51b9f 100644 --- a/nixpkgs/pkgs/tools/package-management/dpkg/default.nix +++ b/nixpkgs/pkgs/tools/package-management/dpkg/default.nix @@ -18,12 +18,12 @@ stdenv.mkDerivation rec { pname = "dpkg"; - version = "1.22.1"; + version = "1.22.4"; src = fetchgit { url = "https://git.launchpad.net/ubuntu/+source/dpkg"; rev = "applied/${version}"; - hash = "sha256-63XRO3Img+XS2F5Krb5DAw0LMhtxB+eJi754O03Lx8Q="; + hash = "sha256-tpYSOimBd78rAthQUga/MNraWll9qEA+vRG+/F+t3mM="; }; configureFlags = [ diff --git a/nixpkgs/pkgs/tools/package-management/nix/common.nix b/nixpkgs/pkgs/tools/package-management/nix/common.nix index cab48bbaf5b6..d0840d206b67 100644 --- a/nixpkgs/pkgs/tools/package-management/nix/common.nix +++ b/nixpkgs/pkgs/tools/package-management/nix/common.nix @@ -15,6 +15,15 @@ let atLeast210 = lib.versionAtLeast version "2.10pre"; atLeast213 = lib.versionAtLeast version "2.13pre"; atLeast214 = lib.versionAtLeast version "2.14pre"; + atLeast220 = lib.versionAtLeast version "2.20pre"; + atLeast221 = lib.versionAtLeast version "2.21pre"; + # Major.minor versions unaffected by CVE-2024-27297 + unaffectedByFodSandboxEscape = [ + "2.3" + "2.18" + "2.19" + "2.20" + ]; in { stdenv , autoconf-archive @@ -40,6 +49,7 @@ in , lib , libarchive , libcpuid +, libgit2 , libsodium , libxml2 , libxslt @@ -118,6 +128,8 @@ self = stdenv.mkDerivation { gtest libarchive lowdown + ] ++ lib.optionals atLeast220 [ + libgit2 ] ++ lib.optionals stdenv.isDarwin [ Security ] ++ lib.optionals (stdenv.isx86_64) [ @@ -249,6 +261,7 @@ self = stdenv.mkDerivation { platforms = platforms.unix; outputsToInstall = [ "out" ] ++ optional enableDocumentation "man"; mainProgram = "nix"; + knownVulnerabilities = lib.optional (!builtins.elem (lib.versions.majorMinor version) unaffectedByFodSandboxEscape && !atLeast221) "CVE-2024-27297"; }; }; in self diff --git a/nixpkgs/pkgs/tools/package-management/nix/default.nix b/nixpkgs/pkgs/tools/package-management/nix/default.nix index c3f970f78fb3..92c988ea5d08 100644 --- a/nixpkgs/pkgs/tools/package-management/nix/default.nix +++ b/nixpkgs/pkgs/tools/package-management/nix/default.nix @@ -17,8 +17,19 @@ let boehmgc-nix_2_3 = boehmgc.override { enableLargeConfig = true; }; boehmgc-nix = boehmgc-nix_2_3.overrideAttrs (drv: { - # Part of the GC solution in https://github.com/NixOS/nix/pull/4944 - patches = (drv.patches or [ ]) ++ [ ./patches/boehmgc-coroutine-sp-fallback.patch ]; + patches = (drv.patches or [ ]) ++ [ + # Part of the GC solution in https://github.com/NixOS/nix/pull/4944 + ./patches/boehmgc-coroutine-sp-fallback.patch + + # Required since 2.20, and has always been a valid change + # Awaiting 8.2 patch release of https://github.com/ivmai/bdwgc/commit/d1d4194c010bff2dc9237223319792cae834501c + # or master release of https://github.com/ivmai/bdwgc/commit/86b3bf0c95b66f718c3cb3d35fd7387736c2a4d7 + (fetchpatch { + name = "boehmgc-traceable_allocator-public.diff"; + url = "https://github.com/NixOS/nix/raw/2.20.0/dep-patches/boehmgc-traceable_allocator-public.diff"; + hash = "sha256-FLsHY/JS46neiSyyQkVpbHZEFvWSCzWrFQu1CC71sh4="; + }) + ]; }); # old nix fails to build with newer aws-sdk-cpp and the patch doesn't apply @@ -156,6 +167,7 @@ in lib.makeExtensible (self: ({ hash = "sha256-EK0pgHDekJFqr0oMj+8ANIjq96WPjICe2s0m4xkUdH4="; patches = [ patch-monitorfdhup + ./patches/2_3/CVE-2024-27297.patch ]; maintainers = with lib.maintainers; [ flokli raitobezarius ]; }).override { boehmgc = boehmgc-nix_2_3; }; @@ -234,12 +246,21 @@ in lib.makeExtensible (self: ({ hash = "sha256-WNmifcTsN9aG1ONkv+l2BC4sHZZxtNKy0keqBHXXQ7w="; patches = [ patch-rapidcheck-shared + ./patches/2_18/CVE-2024-27297.patch ]; }; nix_2_19 = common { version = "2.19.3"; hash = "sha256-EtL6M0H5+0mFbFh+teVjm+0B+xmHoKwtBvigS5NMWoo="; + patches = [ + ./patches/2_19/CVE-2024-27297.patch + ]; + }; + + nix_2_20 = common { + version = "2.20.5"; + hash = "sha256-bfFe38BkoQws7om4gBtBWoNTLkt9piMXdLLoHYl+vBQ="; }; # The minimum Nix version supported by Nixpkgs @@ -261,7 +282,7 @@ in lib.makeExtensible (self: ({ stable = addFallbackPathsCheck self.nix_2_18; - unstable = self.nix_2_19; + unstable = self.nix_2_20; } // lib.optionalAttrs config.allowAliases { nix_2_4 = throw "nixVersions.nix_2_4 has been removed"; diff --git a/nixpkgs/pkgs/tools/package-management/nix/patches/2_18/CVE-2024-27297.patch b/nixpkgs/pkgs/tools/package-management/nix/patches/2_18/CVE-2024-27297.patch new file mode 100644 index 000000000000..8d110d46a6bb --- /dev/null +++ b/nixpkgs/pkgs/tools/package-management/nix/patches/2_18/CVE-2024-27297.patch @@ -0,0 +1,379 @@ +From f8d20e91a45f71b60402f5916d2475751c089c84 Mon Sep 17 00:00:00 2001 +From: Tom Bereknyei <tomberek@gmail.com> +Date: Fri, 1 Mar 2024 03:42:26 -0500 +Subject: [PATCH 1/3] Add a NixOS test for the sandbox escape + +Test that we can't leverage abstract unix domain sockets to leak file +descriptors out of the sandbox and modify the path after it has been +registered. + +Co-authored-by: Theophane Hufschmitt <theophane.hufschmitt@tweag.io> +--- + flake.nix | 2 + + tests/nixos/ca-fd-leak/default.nix | 90 ++++++++++++++++++++++++++++++ + tests/nixos/ca-fd-leak/sender.c | 65 +++++++++++++++++++++ + tests/nixos/ca-fd-leak/smuggler.c | 66 ++++++++++++++++++++++ + 4 files changed, 223 insertions(+) + create mode 100644 tests/nixos/ca-fd-leak/default.nix + create mode 100644 tests/nixos/ca-fd-leak/sender.c + create mode 100644 tests/nixos/ca-fd-leak/smuggler.c + +diff --git a/flake.nix b/flake.nix +index 230bb6031..4a54c660f 100644 +--- a/flake.nix ++++ b/flake.nix +@@ -634,6 +634,8 @@ + ["i686-linux" "x86_64-linux"] + (system: runNixOSTestFor system ./tests/nixos/setuid.nix); + ++ tests.ca-fd-leak = runNixOSTestFor "x86_64-linux" ./tests/nixos/ca-fd-leak; ++ + + # Make sure that nix-env still produces the exact same result + # on a particular version of Nixpkgs. +diff --git a/tests/nixos/ca-fd-leak/default.nix b/tests/nixos/ca-fd-leak/default.nix +new file mode 100644 +index 000000000..a6ae72adc +--- /dev/null ++++ b/tests/nixos/ca-fd-leak/default.nix +@@ -0,0 +1,90 @@ ++# Nix is a sandboxed build system. But Not everything can be handled inside its ++# sandbox: Network access is normally blocked off, but to download sources, a ++# trapdoor has to exist. Nix handles this by having "Fixed-output derivations". ++# The detail here is not important, but in our case it means that the hash of ++# the output has to be known beforehand. And if you know that, you get a few ++# rights: you no longer run inside a special network namespace! ++# ++# Now, Linux has a special feature, that not many other unices do: Abstract ++# unix domain sockets! Not only that, but those are namespaced using the ++# network namespace! That means that we have a way to create sockets that are ++# available in every single fixed-output derivation, and also all processes ++# running on the host machine! Now, this wouldn't be that much of an issue, as, ++# well, the whole idea is that the output is pure, and all processes in the ++# sandbox are killed before finalizing the output. What if we didn't need those ++# processes at all? Unix domain sockets have a semi-known trick: you can pass ++# file descriptors around! ++# This makes it possible to exfiltrate a file-descriptor with write access to ++# $out outside of the sandbox. And that file-descriptor can be used to modify ++# the contents of the store path after it has been registered. ++ ++{ config, ... }: ++ ++let ++ pkgs = config.nodes.machine.nixpkgs.pkgs; ++ ++ # Simple C program that sends a a file descriptor to `$out` to a Unix ++ # domain socket. ++ # Compiled statically so that we can easily send it to the VM and use it ++ # inside the build sandbox. ++ sender = pkgs.runCommandWith { ++ name = "sender"; ++ stdenv = pkgs.pkgsStatic.stdenv; ++ } '' ++ $CC -static -o $out ${./sender.c} ++ ''; ++ ++ # Okay, so we have a file descriptor shipped out of the FOD now. But the ++ # Nix store is read-only, right? .. Well, yeah. But this file descriptor ++ # lives in a mount namespace where it is not! So even when this file exists ++ # in the actual Nix store, we're capable of just modifying its contents... ++ smuggler = pkgs.writeCBin "smuggler" (builtins.readFile ./smuggler.c); ++ ++ # The abstract socket path used to exfiltrate the file descriptor ++ socketName = "FODSandboxExfiltrationSocket"; ++in ++{ ++ name = "ca-fd-leak"; ++ ++ nodes.machine = ++ { config, lib, pkgs, ... }: ++ { virtualisation.writableStore = true; ++ nix.settings.substituters = lib.mkForce [ ]; ++ virtualisation.additionalPaths = [ pkgs.busybox-sandbox-shell sender smuggler pkgs.socat ]; ++ }; ++ ++ testScript = { nodes }: '' ++ start_all() ++ ++ machine.succeed("echo hello") ++ # Start the smuggler server ++ machine.succeed("${smuggler}/bin/smuggler ${socketName} >&2 &") ++ ++ # Build the smuggled derivation. ++ # This will connect to the smuggler server and send it the file descriptor ++ machine.succeed(r""" ++ nix-build -E ' ++ builtins.derivation { ++ name = "smuggled"; ++ system = builtins.currentSystem; ++ # look ma, no tricks! ++ outputHashMode = "flat"; ++ outputHashAlgo = "sha256"; ++ outputHash = builtins.hashString "sha256" "hello, world\n"; ++ builder = "${pkgs.busybox-sandbox-shell}/bin/sh"; ++ args = [ "-c" "echo \"hello, world\" > $out; ''${${sender}} ${socketName}" ]; ++ }' ++ """.strip()) ++ ++ ++ # Tell the smuggler server that we're done ++ machine.execute("echo done | ${pkgs.socat}/bin/socat - ABSTRACT-CONNECT:${socketName}") ++ ++ # Check that the file was not modified ++ machine.succeed(r""" ++ cat ./result ++ test "$(cat ./result)" = "hello, world" ++ """.strip()) ++ ''; ++ ++} +diff --git a/tests/nixos/ca-fd-leak/sender.c b/tests/nixos/ca-fd-leak/sender.c +new file mode 100644 +index 000000000..75e54fc8f +--- /dev/null ++++ b/tests/nixos/ca-fd-leak/sender.c +@@ -0,0 +1,65 @@ ++#include <sys/socket.h> ++#include <sys/un.h> ++#include <stdlib.h> ++#include <stddef.h> ++#include <stdio.h> ++#include <unistd.h> ++#include <fcntl.h> ++#include <errno.h> ++#include <string.h> ++#include <assert.h> ++ ++int main(int argc, char **argv) { ++ ++ assert(argc == 2); ++ ++ int sock = socket(AF_UNIX, SOCK_STREAM, 0); ++ ++ // Set up a abstract domain socket path to connect to. ++ struct sockaddr_un data; ++ data.sun_family = AF_UNIX; ++ data.sun_path[0] = 0; ++ strcpy(data.sun_path + 1, argv[1]); ++ ++ // Now try to connect, To ensure we work no matter what order we are ++ // executed in, just busyloop here. ++ int res = -1; ++ while (res < 0) { ++ res = connect(sock, (const struct sockaddr *)&data, ++ offsetof(struct sockaddr_un, sun_path) ++ + strlen(argv[1]) ++ + 1); ++ if (res < 0 && errno != ECONNREFUSED) perror("connect"); ++ if (errno != ECONNREFUSED) break; ++ } ++ ++ // Write our message header. ++ struct msghdr msg = {0}; ++ msg.msg_control = malloc(128); ++ msg.msg_controllen = 128; ++ ++ // Write an SCM_RIGHTS message containing the output path. ++ struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg); ++ hdr->cmsg_len = CMSG_LEN(sizeof(int)); ++ hdr->cmsg_level = SOL_SOCKET; ++ hdr->cmsg_type = SCM_RIGHTS; ++ int fd = open(getenv("out"), O_RDWR | O_CREAT, 0640); ++ memcpy(CMSG_DATA(hdr), (void *)&fd, sizeof(int)); ++ ++ msg.msg_controllen = CMSG_SPACE(sizeof(int)); ++ ++ // Write a single null byte too. ++ msg.msg_iov = malloc(sizeof(struct iovec)); ++ msg.msg_iov[0].iov_base = ""; ++ msg.msg_iov[0].iov_len = 1; ++ msg.msg_iovlen = 1; ++ ++ // Send it to the othher side of this connection. ++ res = sendmsg(sock, &msg, 0); ++ if (res < 0) perror("sendmsg"); ++ int buf; ++ ++ // Wait for the server to close the socket, implying that it has ++ // received the commmand. ++ recv(sock, (void *)&buf, sizeof(int), 0); ++} +diff --git a/tests/nixos/ca-fd-leak/smuggler.c b/tests/nixos/ca-fd-leak/smuggler.c +new file mode 100644 +index 000000000..82acf37e6 +--- /dev/null ++++ b/tests/nixos/ca-fd-leak/smuggler.c +@@ -0,0 +1,66 @@ ++#include <sys/socket.h> ++#include <sys/un.h> ++#include <stdlib.h> ++#include <stddef.h> ++#include <stdio.h> ++#include <unistd.h> ++#include <assert.h> ++ ++int main(int argc, char **argv) { ++ ++ assert(argc == 2); ++ ++ int sock = socket(AF_UNIX, SOCK_STREAM, 0); ++ ++ // Bind to the socket. ++ struct sockaddr_un data; ++ data.sun_family = AF_UNIX; ++ data.sun_path[0] = 0; ++ strcpy(data.sun_path + 1, argv[1]); ++ int res = bind(sock, (const struct sockaddr *)&data, ++ offsetof(struct sockaddr_un, sun_path) ++ + strlen(argv[1]) ++ + 1); ++ if (res < 0) perror("bind"); ++ ++ res = listen(sock, 1); ++ if (res < 0) perror("listen"); ++ ++ int smuggling_fd = -1; ++ ++ // Accept the connection a first time to receive the file descriptor. ++ fprintf(stderr, "%s\n", "Waiting for the first connection"); ++ int a = accept(sock, 0, 0); ++ if (a < 0) perror("accept"); ++ ++ struct msghdr msg = {0}; ++ msg.msg_control = malloc(128); ++ msg.msg_controllen = 128; ++ ++ // Receive the file descriptor as sent by the smuggler. ++ recvmsg(a, &msg, 0); ++ ++ struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg); ++ while (hdr) { ++ if (hdr->cmsg_level == SOL_SOCKET ++ && hdr->cmsg_type == SCM_RIGHTS) { ++ ++ // Grab the copy of the file descriptor. ++ memcpy((void *)&smuggling_fd, CMSG_DATA(hdr), sizeof(int)); ++ } ++ ++ hdr = CMSG_NXTHDR(&msg, hdr); ++ } ++ fprintf(stderr, "%s\n", "Got the file descriptor. Now waiting for the second connection"); ++ close(a); ++ ++ // Wait for a second connection, which will tell us that the build is ++ // done ++ a = accept(sock, 0, 0); ++ fprintf(stderr, "%s\n", "Got a second connection, rewriting the file"); ++ // Write a new content to the file ++ if (ftruncate(smuggling_fd, 0)) perror("ftruncate"); ++ char * new_content = "Pwned\n"; ++ int written_bytes = write(smuggling_fd, new_content, strlen(new_content)); ++ if (written_bytes != strlen(new_content)) perror("write"); ++} +-- +2.42.0 + + +From 4bc5a3510fa3735798f9ed3a2a30a3ea7b32343a Mon Sep 17 00:00:00 2001 +From: Tom Bereknyei <tomberek@gmail.com> +Date: Fri, 1 Mar 2024 03:45:39 -0500 +Subject: [PATCH 2/3] Copy the output of fixed-output derivations before + registering them + +It is possible to exfiltrate a file descriptor out of the build sandbox +of FODs, and use it to modify the store path after it has been +registered. +To avoid that issue, don't register the output of the build, but a copy +of it (that will be free of any leaked file descriptor). + +Co-authored-by: Theophane Hufschmitt <theophane.hufschmitt@tweag.io> +Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> +--- + src/libstore/build/local-derivation-goal.cc | 6 ++++++ + src/libutil/filesystem.cc | 6 ++++++ + src/libutil/util.hh | 7 +++++++ + 3 files changed, 19 insertions(+) + +diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc +index 64b55ca6a..f1e22f829 100644 +--- a/src/libstore/build/local-derivation-goal.cc ++++ b/src/libstore/build/local-derivation-goal.cc +@@ -2558,6 +2558,12 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs() + [&](const DerivationOutput::CAFixed & dof) { + auto & wanted = dof.ca.hash; + ++ // Replace the output by a fresh copy of itself to make sure ++ // that there's no stale file descriptor pointing to it ++ Path tmpOutput = actualPath + ".tmp"; ++ copyFile(actualPath, tmpOutput, true); ++ renameFile(tmpOutput, actualPath); ++ + auto newInfo0 = newInfoFromCA(DerivationOutput::CAFloating { + .method = dof.ca.method, + .hashType = wanted.type, +diff --git a/src/libutil/filesystem.cc b/src/libutil/filesystem.cc +index 11cc0c0e7..2a7787c0e 100644 +--- a/src/libutil/filesystem.cc ++++ b/src/libutil/filesystem.cc +@@ -133,6 +133,12 @@ void copy(const fs::directory_entry & from, const fs::path & to, bool andDelete) + } + } + ++ ++void copyFile(const Path & oldPath, const Path & newPath, bool andDelete) ++{ ++ return copy(fs::directory_entry(fs::path(oldPath)), fs::path(newPath), andDelete); ++} ++ + void renameFile(const Path & oldName, const Path & newName) + { + fs::rename(oldName, newName); +diff --git a/src/libutil/util.hh b/src/libutil/util.hh +index b302d6f45..59d42e0a5 100644 +--- a/src/libutil/util.hh ++++ b/src/libutil/util.hh +@@ -274,6 +274,13 @@ void renameFile(const Path & src, const Path & dst); + */ + void moveFile(const Path & src, const Path & dst); + ++/** ++ * Recursively copy the content of `oldPath` to `newPath`. If `andDelete` is ++ * `true`, then also remove `oldPath` (making this equivalent to `moveFile`, but ++ * with the guaranty that the destination will be “fresh”, with no stale inode ++ * or file descriptor pointing to it). ++ */ ++void copyFile(const Path & oldPath, const Path & newPath, bool andDelete); + + /** + * Wrappers arount read()/write() that read/write exactly the +-- +2.42.0 + + +From 9e7065bef5469b3024cde2bbc7745530a64fde5b Mon Sep 17 00:00:00 2001 +From: Tom Bereknyei <tomberek@gmail.com> +Date: Fri, 1 Mar 2024 04:01:23 -0500 +Subject: [PATCH 3/3] Add release notes + +Co-authored-by: Theophane Hufschmitt <theophane.hufschmitt@tweag.io> +--- + doc/manual/src/release-notes/rl-next.md | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/doc/manual/src/release-notes/rl-next.md b/doc/manual/src/release-notes/rl-next.md +index c869b5e2f..f77513385 100644 +--- a/doc/manual/src/release-notes/rl-next.md ++++ b/doc/manual/src/release-notes/rl-next.md +@@ -1 +1,9 @@ + # Release X.Y (202?-??-??) ++ ++- Fix a FOD sandbox escape: ++ Cooperating Nix derivations could send file descriptors to files in the Nix ++ store to each other via Unix domain sockets in the abstract namespace. This ++ allowed one derivation to modify the output of the other derivation, after Nix ++ has registered the path as "valid" and immutable in the Nix database. ++ In particular, this allowed the output of fixed-output derivations to be ++ modified from their expected content. This isn't the case any more. +-- +2.42.0 + diff --git a/nixpkgs/pkgs/tools/package-management/nix/patches/2_19/CVE-2024-27297.patch b/nixpkgs/pkgs/tools/package-management/nix/patches/2_19/CVE-2024-27297.patch new file mode 100644 index 000000000000..e75b7577af1e --- /dev/null +++ b/nixpkgs/pkgs/tools/package-management/nix/patches/2_19/CVE-2024-27297.patch @@ -0,0 +1,407 @@ +From ca05f6d2038a749f63205fccc4a4daa914a6b95b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= + <theophane.hufschmitt@tweag.io> +Date: Mon, 12 Feb 2024 21:28:20 +0100 +Subject: [PATCH 1/4] Add a NixOS test for the sandbox escape + +Test that we can't leverage abstract unix domain sockets to leak file +descriptors out of the sandbox and modify the path after it has been +registered. +--- + tests/nixos/ca-fd-leak/default.nix | 90 ++++++++++++++++++++++++++++++ + tests/nixos/ca-fd-leak/sender.c | 65 +++++++++++++++++++++ + tests/nixos/ca-fd-leak/smuggler.c | 66 ++++++++++++++++++++++ + tests/nixos/default.nix | 2 + + 4 files changed, 223 insertions(+) + create mode 100644 tests/nixos/ca-fd-leak/default.nix + create mode 100644 tests/nixos/ca-fd-leak/sender.c + create mode 100644 tests/nixos/ca-fd-leak/smuggler.c + +diff --git a/tests/nixos/ca-fd-leak/default.nix b/tests/nixos/ca-fd-leak/default.nix +new file mode 100644 +index 000000000..40e57ea02 +--- /dev/null ++++ b/tests/nixos/ca-fd-leak/default.nix +@@ -0,0 +1,90 @@ ++# Nix is a sandboxed build system. But Not everything can be handled inside its ++# sandbox: Network access is normally blocked off, but to download sources, a ++# trapdoor has to exist. Nix handles this by having "Fixed-output derivations". ++# The detail here is not important, but in our case it means that the hash of ++# the output has to be known beforehand. And if you know that, you get a few ++# rights: you no longer run inside a special network namespace! ++# ++# Now, Linux has a special feature, that not many other unices do: Abstract ++# unix domain sockets! Not only that, but those are namespaced using the ++# network namespace! That means that we have a way to create sockets that are ++# available in every single fixed-output derivation, and also all processes ++# running on the host machine! Now, this wouldn't be that much of an issue, as, ++# well, the whole idea is that the output is pure, and all processes in the ++# sandbox are killed before finalizing the output. What if we didn't need those ++# processes at all? Unix domain sockets have a semi-known trick: you can pass ++# file descriptors around! ++# This makes it possible to exfiltrate a file-descriptor with write access to ++# $out outside of the sandbox. And that file-descriptor can be used to modify ++# the contents of the store path after it has been registered. ++ ++{ config, ... }: ++ ++let ++ pkgs = config.nodes.machine.nixpkgs.pkgs; ++ ++ # Simple C program that sends a a file descriptor to `$out` to a Unix ++ # domain socket. ++ # Compiled statically so that we can easily send it to the VM and use it ++ # inside the build sandbox. ++ sender = pkgs.runCommandWith { ++ name = "sender"; ++ stdenv = pkgs.pkgsStatic.stdenv; ++ } '' ++ $CC -static -o $out ${./sender.c} ++ ''; ++ ++ # Okay, so we have a file descriptor shipped out of the FOD now. But the ++ # Nix store is read-only, right? .. Well, yeah. But this file descriptor ++ # lives in a mount namespace where it is not! So even when this file exists ++ # in the actual Nix store, we're capable of just modifying its contents... ++ smuggler = pkgs.writeCBin "smuggler" (builtins.readFile ./smuggler.c); ++ ++ # The abstract socket path used to exfiltrate the file descriptor ++ socketName = "FODSandboxExfiltrationSocket"; ++in ++{ ++ name = "ca-fd-leak"; ++ ++ nodes.machine = ++ { config, lib, pkgs, ... }: ++ { virtualisation.writableStore = true; ++ nix.settings.substituters = lib.mkForce [ ]; ++ virtualisation.additionalPaths = [ pkgs.busybox-sandbox-shell sender smuggler pkgs.socat ]; ++ }; ++ ++ testScript = { nodes }: '' ++ start_all() ++ ++ machine.succeed("echo hello") ++ # Start the smuggler server ++ machine.succeed("${smuggler}/bin/smuggler ${socketName} >&2 &") ++ ++ # Build the smuggled derivation. ++ # This will connect to the smuggler server and send it the file descriptor ++ machine.succeed(r""" ++ nix-build -E ' ++ builtins.derivation { ++ name = "smuggled"; ++ system = builtins.currentSystem; ++ # look ma, no tricks! ++ outputHashMode = "flat"; ++ outputHashAlgo = "sha256"; ++ outputHash = builtins.hashString "sha256" "hello, world\n"; ++ builder = "${pkgs.busybox-sandbox-shell}/bin/sh"; ++ args = [ "-c" "echo \"hello, world\" > $out; ''${${sender}} ${socketName}" ]; ++ }' ++ """.strip()) ++ ++ ++ # Tell the smuggler server that we're done ++ machine.execute("echo done | ${pkgs.socat}/bin/socat - ABSTRACT-CONNECT:${socketName}") ++ ++ # Check that the file was modified ++ machine.succeed(r""" ++ cat ./result ++ test "$(cat ./result)" = "hello, world" ++ """.strip()) ++ ''; ++ ++} +diff --git a/tests/nixos/ca-fd-leak/sender.c b/tests/nixos/ca-fd-leak/sender.c +new file mode 100644 +index 000000000..75e54fc8f +--- /dev/null ++++ b/tests/nixos/ca-fd-leak/sender.c +@@ -0,0 +1,65 @@ ++#include <sys/socket.h> ++#include <sys/un.h> ++#include <stdlib.h> ++#include <stddef.h> ++#include <stdio.h> ++#include <unistd.h> ++#include <fcntl.h> ++#include <errno.h> ++#include <string.h> ++#include <assert.h> ++ ++int main(int argc, char **argv) { ++ ++ assert(argc == 2); ++ ++ int sock = socket(AF_UNIX, SOCK_STREAM, 0); ++ ++ // Set up a abstract domain socket path to connect to. ++ struct sockaddr_un data; ++ data.sun_family = AF_UNIX; ++ data.sun_path[0] = 0; ++ strcpy(data.sun_path + 1, argv[1]); ++ ++ // Now try to connect, To ensure we work no matter what order we are ++ // executed in, just busyloop here. ++ int res = -1; ++ while (res < 0) { ++ res = connect(sock, (const struct sockaddr *)&data, ++ offsetof(struct sockaddr_un, sun_path) ++ + strlen(argv[1]) ++ + 1); ++ if (res < 0 && errno != ECONNREFUSED) perror("connect"); ++ if (errno != ECONNREFUSED) break; ++ } ++ ++ // Write our message header. ++ struct msghdr msg = {0}; ++ msg.msg_control = malloc(128); ++ msg.msg_controllen = 128; ++ ++ // Write an SCM_RIGHTS message containing the output path. ++ struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg); ++ hdr->cmsg_len = CMSG_LEN(sizeof(int)); ++ hdr->cmsg_level = SOL_SOCKET; ++ hdr->cmsg_type = SCM_RIGHTS; ++ int fd = open(getenv("out"), O_RDWR | O_CREAT, 0640); ++ memcpy(CMSG_DATA(hdr), (void *)&fd, sizeof(int)); ++ ++ msg.msg_controllen = CMSG_SPACE(sizeof(int)); ++ ++ // Write a single null byte too. ++ msg.msg_iov = malloc(sizeof(struct iovec)); ++ msg.msg_iov[0].iov_base = ""; ++ msg.msg_iov[0].iov_len = 1; ++ msg.msg_iovlen = 1; ++ ++ // Send it to the othher side of this connection. ++ res = sendmsg(sock, &msg, 0); ++ if (res < 0) perror("sendmsg"); ++ int buf; ++ ++ // Wait for the server to close the socket, implying that it has ++ // received the commmand. ++ recv(sock, (void *)&buf, sizeof(int), 0); ++} +diff --git a/tests/nixos/ca-fd-leak/smuggler.c b/tests/nixos/ca-fd-leak/smuggler.c +new file mode 100644 +index 000000000..82acf37e6 +--- /dev/null ++++ b/tests/nixos/ca-fd-leak/smuggler.c +@@ -0,0 +1,66 @@ ++#include <sys/socket.h> ++#include <sys/un.h> ++#include <stdlib.h> ++#include <stddef.h> ++#include <stdio.h> ++#include <unistd.h> ++#include <assert.h> ++ ++int main(int argc, char **argv) { ++ ++ assert(argc == 2); ++ ++ int sock = socket(AF_UNIX, SOCK_STREAM, 0); ++ ++ // Bind to the socket. ++ struct sockaddr_un data; ++ data.sun_family = AF_UNIX; ++ data.sun_path[0] = 0; ++ strcpy(data.sun_path + 1, argv[1]); ++ int res = bind(sock, (const struct sockaddr *)&data, ++ offsetof(struct sockaddr_un, sun_path) ++ + strlen(argv[1]) ++ + 1); ++ if (res < 0) perror("bind"); ++ ++ res = listen(sock, 1); ++ if (res < 0) perror("listen"); ++ ++ int smuggling_fd = -1; ++ ++ // Accept the connection a first time to receive the file descriptor. ++ fprintf(stderr, "%s\n", "Waiting for the first connection"); ++ int a = accept(sock, 0, 0); ++ if (a < 0) perror("accept"); ++ ++ struct msghdr msg = {0}; ++ msg.msg_control = malloc(128); ++ msg.msg_controllen = 128; ++ ++ // Receive the file descriptor as sent by the smuggler. ++ recvmsg(a, &msg, 0); ++ ++ struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg); ++ while (hdr) { ++ if (hdr->cmsg_level == SOL_SOCKET ++ && hdr->cmsg_type == SCM_RIGHTS) { ++ ++ // Grab the copy of the file descriptor. ++ memcpy((void *)&smuggling_fd, CMSG_DATA(hdr), sizeof(int)); ++ } ++ ++ hdr = CMSG_NXTHDR(&msg, hdr); ++ } ++ fprintf(stderr, "%s\n", "Got the file descriptor. Now waiting for the second connection"); ++ close(a); ++ ++ // Wait for a second connection, which will tell us that the build is ++ // done ++ a = accept(sock, 0, 0); ++ fprintf(stderr, "%s\n", "Got a second connection, rewriting the file"); ++ // Write a new content to the file ++ if (ftruncate(smuggling_fd, 0)) perror("ftruncate"); ++ char * new_content = "Pwned\n"; ++ int written_bytes = write(smuggling_fd, new_content, strlen(new_content)); ++ if (written_bytes != strlen(new_content)) perror("write"); ++} +diff --git a/tests/nixos/default.nix b/tests/nixos/default.nix +index 4459aa664..4c1cf785c 100644 +--- a/tests/nixos/default.nix ++++ b/tests/nixos/default.nix +@@ -40,4 +40,6 @@ in + setuid = lib.genAttrs + ["i686-linux" "x86_64-linux"] + (system: runNixOSTestFor system ./setuid.nix); ++ ++ ca-fd-leak = runNixOSTestFor "x86_64-linux" ./ca-fd-leak; + } +-- +2.42.0 + + +From 558dab42315f493aa4e8480a57c2d3b0834392ec Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= + <theophane.hufschmitt@tweag.io> +Date: Tue, 13 Feb 2024 08:28:02 +0100 +Subject: [PATCH 2/4] Copy the output of fixed-output derivations before + registering them + +It is possible to exfiltrate a file descriptor out of the build sandbox +of FODs, and use it to modify the store path after it has been +registered. +To avoid that issue, don't register the output of the build, but a copy +of it (that will be free of any leaked file descriptor). +--- + src/libstore/build/local-derivation-goal.cc | 6 ++++++ + src/libutil/file-system.cc | 5 +++++ + src/libutil/file-system.hh | 7 +++++++ + 3 files changed, 18 insertions(+) + +diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc +index a9f930773..d83c47d00 100644 +--- a/src/libstore/build/local-derivation-goal.cc ++++ b/src/libstore/build/local-derivation-goal.cc +@@ -2543,6 +2543,12 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs() + [&](const DerivationOutput::CAFixed & dof) { + auto & wanted = dof.ca.hash; + ++ // Replace the output by a fresh copy of itself to make sure ++ // that there's no stale file descriptor pointing to it ++ Path tmpOutput = actualPath + ".tmp"; ++ copyFile(actualPath, tmpOutput, true); ++ renameFile(tmpOutput, actualPath); ++ + auto newInfo0 = newInfoFromCA(DerivationOutput::CAFloating { + .method = dof.ca.method, + .hashType = wanted.type, +diff --git a/src/libutil/file-system.cc b/src/libutil/file-system.cc +index c96effff9..777f83c30 100644 +--- a/src/libutil/file-system.cc ++++ b/src/libutil/file-system.cc +@@ -616,6 +616,11 @@ void copy(const fs::directory_entry & from, const fs::path & to, bool andDelete) + } + } + ++void copyFile(const Path & oldPath, const Path & newPath, bool andDelete) ++{ ++ return copy(fs::directory_entry(fs::path(oldPath)), fs::path(newPath), andDelete); ++} ++ + void renameFile(const Path & oldName, const Path & newName) + { + fs::rename(oldName, newName); +diff --git a/src/libutil/file-system.hh b/src/libutil/file-system.hh +index 4637507b3..71db7d8bc 100644 +--- a/src/libutil/file-system.hh ++++ b/src/libutil/file-system.hh +@@ -186,6 +186,13 @@ void renameFile(const Path & src, const Path & dst); + */ + void moveFile(const Path & src, const Path & dst); + ++/** ++ * Recursively copy the content of `oldPath` to `newPath`. If `andDelete` is ++ * `true`, then also remove `oldPath` (making this equivalent to `moveFile`, but ++ * with the guaranty that the destination will be “fresh”, with no stale inode ++ * or file descriptor pointing to it). ++ */ ++void copyFile(const Path & oldPath, const Path & newPath, bool andDelete); + + /** + * Automatic cleanup of resources. +-- +2.42.0 + + +From 6adce5c3baddf20a5865a646a6d5117e83693497 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= + <7226587+thufschmitt@users.noreply.github.com> +Date: Wed, 21 Feb 2024 17:32:36 +0100 +Subject: [PATCH 3/4] Fix a typo in a test comment + +Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> +--- + tests/nixos/ca-fd-leak/default.nix | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/nixos/ca-fd-leak/default.nix b/tests/nixos/ca-fd-leak/default.nix +index 40e57ea02..a6ae72adc 100644 +--- a/tests/nixos/ca-fd-leak/default.nix ++++ b/tests/nixos/ca-fd-leak/default.nix +@@ -80,7 +80,7 @@ in + # Tell the smuggler server that we're done + machine.execute("echo done | ${pkgs.socat}/bin/socat - ABSTRACT-CONNECT:${socketName}") + +- # Check that the file was modified ++ # Check that the file was not modified + machine.succeed(r""" + cat ./result + test "$(cat ./result)" = "hello, world" +-- +2.42.0 + + +From 7a803d9d5460cc990f20eff7d4d5a3623298c15b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= + <theophane.hufschmitt@tweag.io> +Date: Fri, 1 Mar 2024 09:31:05 +0100 +Subject: [PATCH 4/4] Add release notes + +--- + doc/manual/rl-next/fod-sandbox-escape.md | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + create mode 100644 doc/manual/rl-next/fod-sandbox-escape.md + +diff --git a/doc/manual/rl-next/fod-sandbox-escape.md b/doc/manual/rl-next/fod-sandbox-escape.md +new file mode 100644 +index 000000000..ed451711e +--- /dev/null ++++ b/doc/manual/rl-next/fod-sandbox-escape.md +@@ -0,0 +1,14 @@ ++--- ++synopsis: Fix a FOD sandbox escape ++issues: ++prs: ++--- ++ ++Cooperating Nix derivations could send file descriptors to files in the Nix ++store to each other via Unix domain sockets in the abstract namespace. This ++allowed one derivation to modify the output of the other derivation, after Nix ++has registered the path as "valid" and immutable in the Nix database. ++In particular, this allowed the output of fixed-output derivations to be ++modified from their expected content. ++ ++This isn't the case any more. +-- +2.42.0 diff --git a/nixpkgs/pkgs/tools/package-management/nix/patches/2_3/CVE-2024-27297.patch b/nixpkgs/pkgs/tools/package-management/nix/patches/2_3/CVE-2024-27297.patch new file mode 100644 index 000000000000..b8201cb99ef5 --- /dev/null +++ b/nixpkgs/pkgs/tools/package-management/nix/patches/2_3/CVE-2024-27297.patch @@ -0,0 +1,375 @@ +From 9c0be4c156e74a3e7e0d33b04d870642350e72d4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= + <theophane.hufschmitt@tweag.io> +Date: Mon, 12 Feb 2024 21:28:20 +0100 +Subject: [PATCH 1/4] Add a NixOS test for the sandbox escape + +Test that we can't leverage abstract unix domain sockets to leak file +descriptors out of the sandbox and modify the path after it has been +registered. +--- + release.nix | 5 ++ + tests/nixos/ca-fd-leak/default.nix | 93 ++++++++++++++++++++++++++++++ + tests/nixos/ca-fd-leak/sender.c | 65 +++++++++++++++++++++ + tests/nixos/ca-fd-leak/smuggler.c | 66 +++++++++++++++++++++ + 4 files changed, 229 insertions(+) + create mode 100644 tests/nixos/ca-fd-leak/default.nix + create mode 100644 tests/nixos/ca-fd-leak/sender.c + create mode 100644 tests/nixos/ca-fd-leak/smuggler.c + +diff --git a/release.nix b/release.nix +index f468946c5..2e71f3796 100644 +--- a/release.nix ++++ b/release.nix +@@ -235,6 +235,11 @@ let + nix = build.x86_64-linux; system = "x86_64-linux"; + }); + ++ tests.ca-fd-leak = (import ./tests/nixos/ca-fd-leak rec { ++ inherit nixpkgs; ++ nix = build.x86_64-linux; system = "x86_64-linux"; ++ }); ++ + tests.setuid = pkgs.lib.genAttrs + ["i686-linux" "x86_64-linux"] + (system: +diff --git a/tests/nixos/ca-fd-leak/default.nix b/tests/nixos/ca-fd-leak/default.nix +new file mode 100644 +index 000000000..c252caa4d +--- /dev/null ++++ b/tests/nixos/ca-fd-leak/default.nix +@@ -0,0 +1,93 @@ ++# Nix is a sandboxed build system. But Not everything can be handled inside its ++# sandbox: Network access is normally blocked off, but to download sources, a ++# trapdoor has to exist. Nix handles this by having "Fixed-output derivations". ++# The detail here is not important, but in our case it means that the hash of ++# the output has to be known beforehand. And if you know that, you get a few ++# rights: you no longer run inside a special network namespace! ++# ++# Now, Linux has a special feature, that not many other unices do: Abstract ++# unix domain sockets! Not only that, but those are namespaced using the ++# network namespace! That means that we have a way to create sockets that are ++# available in every single fixed-output derivation, and also all processes ++# running on the host machine! Now, this wouldn't be that much of an issue, as, ++# well, the whole idea is that the output is pure, and all processes in the ++# sandbox are killed before finalizing the output. What if we didn't need those ++# processes at all? Unix domain sockets have a semi-known trick: you can pass ++# file descriptors around! ++# This makes it possible to exfiltrate a file-descriptor with write access to ++# $out outside of the sandbox. And that file-descriptor can be used to modify ++# the contents of the store path after it has been registered. ++ ++{ nixpkgs, system, nix }: ++ ++with import (nixpkgs + "/nixos/lib/testing-python.nix") { ++ inherit system; ++}; ++ ++let ++ # Simple C program that sends a a file descriptor to `$out` to a Unix ++ # domain socket. ++ # Compiled statically so that we can easily send it to the VM and use it ++ # inside the build sandbox. ++ sender = pkgs.runCommandWith { ++ name = "sender"; ++ stdenv = pkgs.pkgsStatic.stdenv; ++ } '' ++ $CC -static -o $out ${./sender.c} ++ ''; ++ ++ # Okay, so we have a file descriptor shipped out of the FOD now. But the ++ # Nix store is read-only, right? .. Well, yeah. But this file descriptor ++ # lives in a mount namespace where it is not! So even when this file exists ++ # in the actual Nix store, we're capable of just modifying its contents... ++ smuggler = pkgs.writeCBin "smuggler" (builtins.readFile ./smuggler.c); ++ ++ # The abstract socket path used to exfiltrate the file descriptor ++ socketName = "FODSandboxExfiltrationSocket"; ++in ++makeTest { ++ name = "ca-fd-leak"; ++ ++ nodes.machine = ++ { config, lib, pkgs, ... }: ++ { virtualisation.writableStore = true; ++ virtualisation.pathsInNixDB = [ pkgs.busybox-sandbox-shell sender smuggler pkgs.socat ]; ++ nix.binaryCaches = [ ]; ++ nix.package = nix; ++ }; ++ ++ testScript = { nodes }: '' ++ start_all() ++ ++ machine.succeed("echo hello") ++ # Start the smuggler server ++ machine.succeed("${smuggler}/bin/smuggler ${socketName} >&2 &") ++ ++ # Build the smuggled derivation. ++ # This will connect to the smuggler server and send it the file descriptor ++ machine.succeed(r""" ++ nix-build -E ' ++ builtins.derivation { ++ name = "smuggled"; ++ system = builtins.currentSystem; ++ # look ma, no tricks! ++ outputHashMode = "flat"; ++ outputHashAlgo = "sha256"; ++ outputHash = builtins.hashString "sha256" "hello, world\n"; ++ builder = "${pkgs.busybox-sandbox-shell}/bin/sh"; ++ args = [ "-c" "echo \"hello, world\" > $out; ''${${sender}} ${socketName}" ]; ++ }' ++ """.strip()) ++ ++ ++ # Tell the smuggler server that we're done ++ machine.execute("echo done | ${pkgs.socat}/bin/socat - ABSTRACT-CONNECT:${socketName}") ++ ++ # Check that the file was modified ++ machine.succeed(r""" ++ cat ./result ++ test "$(cat ./result)" = "hello, world" ++ """.strip()) ++ ''; ++ ++} +diff --git a/tests/nixos/ca-fd-leak/sender.c b/tests/nixos/ca-fd-leak/sender.c +new file mode 100644 +index 000000000..75e54fc8f +--- /dev/null ++++ b/tests/nixos/ca-fd-leak/sender.c +@@ -0,0 +1,65 @@ ++#include <sys/socket.h> ++#include <sys/un.h> ++#include <stdlib.h> ++#include <stddef.h> ++#include <stdio.h> ++#include <unistd.h> ++#include <fcntl.h> ++#include <errno.h> ++#include <string.h> ++#include <assert.h> ++ ++int main(int argc, char **argv) { ++ ++ assert(argc == 2); ++ ++ int sock = socket(AF_UNIX, SOCK_STREAM, 0); ++ ++ // Set up a abstract domain socket path to connect to. ++ struct sockaddr_un data; ++ data.sun_family = AF_UNIX; ++ data.sun_path[0] = 0; ++ strcpy(data.sun_path + 1, argv[1]); ++ ++ // Now try to connect, To ensure we work no matter what order we are ++ // executed in, just busyloop here. ++ int res = -1; ++ while (res < 0) { ++ res = connect(sock, (const struct sockaddr *)&data, ++ offsetof(struct sockaddr_un, sun_path) ++ + strlen(argv[1]) ++ + 1); ++ if (res < 0 && errno != ECONNREFUSED) perror("connect"); ++ if (errno != ECONNREFUSED) break; ++ } ++ ++ // Write our message header. ++ struct msghdr msg = {0}; ++ msg.msg_control = malloc(128); ++ msg.msg_controllen = 128; ++ ++ // Write an SCM_RIGHTS message containing the output path. ++ struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg); ++ hdr->cmsg_len = CMSG_LEN(sizeof(int)); ++ hdr->cmsg_level = SOL_SOCKET; ++ hdr->cmsg_type = SCM_RIGHTS; ++ int fd = open(getenv("out"), O_RDWR | O_CREAT, 0640); ++ memcpy(CMSG_DATA(hdr), (void *)&fd, sizeof(int)); ++ ++ msg.msg_controllen = CMSG_SPACE(sizeof(int)); ++ ++ // Write a single null byte too. ++ msg.msg_iov = malloc(sizeof(struct iovec)); ++ msg.msg_iov[0].iov_base = ""; ++ msg.msg_iov[0].iov_len = 1; ++ msg.msg_iovlen = 1; ++ ++ // Send it to the othher side of this connection. ++ res = sendmsg(sock, &msg, 0); ++ if (res < 0) perror("sendmsg"); ++ int buf; ++ ++ // Wait for the server to close the socket, implying that it has ++ // received the commmand. ++ recv(sock, (void *)&buf, sizeof(int), 0); ++} +diff --git a/tests/nixos/ca-fd-leak/smuggler.c b/tests/nixos/ca-fd-leak/smuggler.c +new file mode 100644 +index 000000000..82acf37e6 +--- /dev/null ++++ b/tests/nixos/ca-fd-leak/smuggler.c +@@ -0,0 +1,66 @@ ++#include <sys/socket.h> ++#include <sys/un.h> ++#include <stdlib.h> ++#include <stddef.h> ++#include <stdio.h> ++#include <unistd.h> ++#include <assert.h> ++ ++int main(int argc, char **argv) { ++ ++ assert(argc == 2); ++ ++ int sock = socket(AF_UNIX, SOCK_STREAM, 0); ++ ++ // Bind to the socket. ++ struct sockaddr_un data; ++ data.sun_family = AF_UNIX; ++ data.sun_path[0] = 0; ++ strcpy(data.sun_path + 1, argv[1]); ++ int res = bind(sock, (const struct sockaddr *)&data, ++ offsetof(struct sockaddr_un, sun_path) ++ + strlen(argv[1]) ++ + 1); ++ if (res < 0) perror("bind"); ++ ++ res = listen(sock, 1); ++ if (res < 0) perror("listen"); ++ ++ int smuggling_fd = -1; ++ ++ // Accept the connection a first time to receive the file descriptor. ++ fprintf(stderr, "%s\n", "Waiting for the first connection"); ++ int a = accept(sock, 0, 0); ++ if (a < 0) perror("accept"); ++ ++ struct msghdr msg = {0}; ++ msg.msg_control = malloc(128); ++ msg.msg_controllen = 128; ++ ++ // Receive the file descriptor as sent by the smuggler. ++ recvmsg(a, &msg, 0); ++ ++ struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg); ++ while (hdr) { ++ if (hdr->cmsg_level == SOL_SOCKET ++ && hdr->cmsg_type == SCM_RIGHTS) { ++ ++ // Grab the copy of the file descriptor. ++ memcpy((void *)&smuggling_fd, CMSG_DATA(hdr), sizeof(int)); ++ } ++ ++ hdr = CMSG_NXTHDR(&msg, hdr); ++ } ++ fprintf(stderr, "%s\n", "Got the file descriptor. Now waiting for the second connection"); ++ close(a); ++ ++ // Wait for a second connection, which will tell us that the build is ++ // done ++ a = accept(sock, 0, 0); ++ fprintf(stderr, "%s\n", "Got a second connection, rewriting the file"); ++ // Write a new content to the file ++ if (ftruncate(smuggling_fd, 0)) perror("ftruncate"); ++ char * new_content = "Pwned\n"; ++ int written_bytes = write(smuggling_fd, new_content, strlen(new_content)); ++ if (written_bytes != strlen(new_content)) perror("write"); ++} + +From 8c27eb6c1bc490c9d2f3c7c1dedb1ca3c8e00759 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= + <theophane.hufschmitt@tweag.io> +Date: Tue, 13 Feb 2024 08:28:02 +0100 +Subject: [PATCH 2/4] Copy the output of fixed-output derivations before + registering them + +It is possible to exfiltrate a file descriptor out of the build sandbox +of FODs, and use it to modify the store path after it has been +registered. +To avoid that issue, don't register the output of the build, but a copy +of it (that will be free of any leaked file descriptor). +--- + src/libstore/build.cc | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/libstore/build.cc b/src/libstore/build.cc +index d3a712c1a..3fb827a15 100644 +--- a/src/libstore/build.cc ++++ b/src/libstore/build.cc +@@ -3286,10 +3286,17 @@ void DerivationGoal::registerOutputs() + throw BuildError(format("suspicious ownership or permission on '%1%'; rejecting this build output") % path); + #endif + +- /* Apply hash rewriting if necessary. */ ++ /* Apply hash rewriting if necessary. ++ * ++ * For FODs, we always do the dump-and-restore dance regardless to make ++ * sure that there's no stale file descriptor pointing to the output ++ * of the path. ++ * */ + bool rewritten = false; +- if (!outputRewrites.empty()) { ++ if (fixedOutput || !outputRewrites.empty()) { ++ if (!outputRewrites.empty()) { + printError(format("warning: rewriting hashes in '%1%'; cross fingers") % path); ++ } + + /* Canonicalise first. This ensures that the path we're + rewriting doesn't contain a hard link to /etc/shadow or + +From 2064277b0566c361339d55fbbf46edbc2519f3b3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= + <7226587+thufschmitt@users.noreply.github.com> +Date: Wed, 21 Feb 2024 17:32:36 +0100 +Subject: [PATCH 3/4] Fix a typo in a test comment + +Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> +--- + tests/nixos/ca-fd-leak/default.nix | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/nixos/ca-fd-leak/default.nix b/tests/nixos/ca-fd-leak/default.nix +index c252caa4d..2fd5ca2d6 100644 +--- a/tests/nixos/ca-fd-leak/default.nix ++++ b/tests/nixos/ca-fd-leak/default.nix +@@ -83,7 +83,7 @@ makeTest { + # Tell the smuggler server that we're done + machine.execute("echo done | ${pkgs.socat}/bin/socat - ABSTRACT-CONNECT:${socketName}") + +- # Check that the file was modified ++ # Check that the file was not modified + machine.succeed(r""" + cat ./result + test "$(cat ./result)" = "hello, world" + +From 8604f6d32976fbdf84e46f75cbfa2446209b8a6b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= + <theophane.hufschmitt@tweag.io> +Date: Fri, 1 Mar 2024 09:31:05 +0100 +Subject: [PATCH 4/4] Add release notes + +--- + doc/manual/rl-next/fod-sandbox-escape.md | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + create mode 100644 doc/manual/rl-next/fod-sandbox-escape.md + +diff --git a/doc/manual/rl-next/fod-sandbox-escape.md b/doc/manual/rl-next/fod-sandbox-escape.md +new file mode 100644 +index 000000000..ed451711e +--- /dev/null ++++ b/doc/manual/rl-next/fod-sandbox-escape.md +@@ -0,0 +1,14 @@ ++--- ++synopsis: Fix a FOD sandbox escape ++issues: ++prs: ++--- ++ ++Cooperating Nix derivations could send file descriptors to files in the Nix ++store to each other via Unix domain sockets in the abstract namespace. This ++allowed one derivation to modify the output of the other derivation, after Nix ++has registered the path as "valid" and immutable in the Nix database. ++In particular, this allowed the output of fixed-output derivations to be ++modified from their expected content. ++ ++This isn't the case any more. diff --git a/nixpkgs/pkgs/tools/package-management/pacman/default.nix b/nixpkgs/pkgs/tools/package-management/pacman/default.nix index 800e392f0f24..90252dca9cb2 100644 --- a/nixpkgs/pkgs/tools/package-management/pacman/default.nix +++ b/nixpkgs/pkgs/tools/package-management/pacman/default.nix @@ -1,7 +1,6 @@ { lib , stdenv -, fetchpatch -, fetchurl +, fetchFromGitLab , asciidoc , binutils , coreutils @@ -39,19 +38,23 @@ , sysHookDir ? "/usr/share/libalpm/hooks/" }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (final: { pname = "pacman"; - version = "6.0.2"; + version = "6.1.0"; - src = fetchurl { - url = "https://sources.archlinux.org/other/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-fY4+jFEhrsCWXfcfWb7fRgUsbPFPljZcRBHsPeCkwaU="; + src = fetchFromGitLab { + domain = "gitlab.archlinux.org"; + owner = "pacman"; + repo = "pacman"; + rev = "v${final.version}"; + hash = "sha256-uHBq1A//YSqFATlyqjC5ZgmvPkNKqp7sVew+nbmLH78="; }; strictDeps = true; nativeBuildInputs = [ asciidoc + gettext installShellFiles libarchive makeWrapper @@ -71,11 +74,6 @@ stdenv.mkDerivation rec { patches = [ ./dont-create-empty-dirs.patch - # Add keyringdir meson option to configure the keyring directory - (fetchpatch { - url = "https://gitlab.archlinux.org/pacman/pacman/-/commit/79bd512181af12ec80fd8f79486fc9508fa4a1b3.patch"; - hash = "sha256-ivTPwWe06Q5shn++R6EY0x3GC0P4X0SuC+F5sndfAtM="; - }) ]; postPatch = let compressionTools = [ @@ -93,16 +91,16 @@ stdenv.mkDerivation rec { substituteInPlace meson.build \ --replace "install_dir : SYSCONFDIR" "install_dir : '$out/etc'" \ --replace "join_paths(DATAROOTDIR, 'libalpm/hooks/')" "'${sysHookDir}'" \ - --replace "join_paths(PREFIX, DATAROOTDIR, get_option('keyringdir'))" "'\$KEYRING_IMPORT_DIR'" + --replace "join_paths(PREFIX, DATAROOTDIR, get_option('keyringdir'))" "'\$KEYRING_IMPORT_DIR'" \ + --replace "join_paths(SYSCONFDIR, 'makepkg.conf.d/')" "'$out/etc/makepkg.conf.d/'" substituteInPlace doc/meson.build \ --replace "/bin/true" "${coreutils}/bin/true" substituteInPlace scripts/repo-add.sh.in \ --replace bsdtar "${libarchive}/bin/bsdtar" substituteInPlace scripts/pacman-key.sh.in \ --replace "local KEYRING_IMPORT_DIR='@keyringdir@'" "" \ - --subst-var-by keyringdir '\$KEYRING_IMPORT_DIR' \ - --replace "--batch --check-trustdb" "--batch --check-trustdb --allow-weak-key-signatures" - ''; # the line above should be removed once Arch migrates to gnupg 2.3.x + --subst-var-by keyringdir '\$KEYRING_IMPORT_DIR' + ''; mesonFlags = [ "--sysconfdir=/etc" @@ -132,6 +130,7 @@ stdenv.mkDerivation rec { changelog = "https://gitlab.archlinux.org/pacman/pacman/-/raw/v${version}/NEWS"; license = licenses.gpl2Plus; platforms = platforms.linux; + mainProgram = "pacman"; maintainers = with maintainers; [ samlukeyes123 ]; }; -} +}) diff --git a/nixpkgs/pkgs/tools/package-management/pdm/default.nix b/nixpkgs/pkgs/tools/package-management/pdm/default.nix index 957b11b084fa..88ed0768b1d8 100644 --- a/nixpkgs/pkgs/tools/package-management/pdm/default.nix +++ b/nixpkgs/pkgs/tools/package-management/pdm/default.nix @@ -35,14 +35,14 @@ in with python.pkgs; buildPythonApplication rec { pname = "pdm"; - version = "2.12.3"; + version = "2.12.4"; pyproject = true; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-U82rcnwUaf3Blu/Y1/+EBKPKke5DwKVxRzbyAg0KXd8="; + hash = "sha256-0Eh3Ni+Vz5/8HSw4uFH2k3BuSSiEDkiYauV22tV0FJY="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/package-management/poetry/unwrapped.nix b/nixpkgs/pkgs/tools/package-management/poetry/unwrapped.nix index cf4b0334dcd6..5e2cc63644ab 100644 --- a/nixpkgs/pkgs/tools/package-management/poetry/unwrapped.nix +++ b/nixpkgs/pkgs/tools/package-management/poetry/unwrapped.nix @@ -38,8 +38,8 @@ buildPythonPackage rec { pname = "poetry"; - version = "1.8.1"; - format = "pyproject"; + version = "1.8.2"; + pyproject = true; disabled = pythonOlder "3.8"; @@ -47,7 +47,7 @@ buildPythonPackage rec { owner = "python-poetry"; repo = "poetry"; rev = "refs/tags/${version}"; - hash = "sha256-tHtd5vO3TMjO0gqyECuS0FUAcE90nkKZwOm3ne6poFQ="; + hash = "sha256-MBWVeS/UHpzeeNUeiHMoXnLA3enRO/6yGIbg4Vf2GxU="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/package-management/protontricks/default.nix b/nixpkgs/pkgs/tools/package-management/protontricks/default.nix index 462a2546ff5d..c3c43163c671 100644 --- a/nixpkgs/pkgs/tools/package-management/protontricks/default.nix +++ b/nixpkgs/pkgs/tools/package-management/protontricks/default.nix @@ -16,13 +16,13 @@ buildPythonApplication rec { pname = "protontricks"; - version = "1.11.0"; + version = "1.11.1"; src = fetchFromGitHub { owner = "Matoking"; repo = pname; rev = version; - sha256 = "sha256-5FpcIaQodvNjdqUfD9hvXlrdhszr98j0zm3MCCpZFoc="; + sha256 = "sha256-a40IAFrzQ0mogMoXKb+Lp0fPc1glYophqtftigk3nAc="; }; patches = [ |