From c8cc50d46e78de7ae02c2cb7a5159e995c993f61 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Tue, 6 Jun 2017 18:52:15 +0200
Subject: [PATCH] Disable the build user mechanism on all platforms except
 Linux and OS X

---
 src/libstore/build.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index d12a1a791..d5fe41d1b 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1716,11 +1716,17 @@ void DerivationGoal::startBuilder()
     /* If `build-users-group' is not empty, then we have to build as
        one of the members of that group. */
     if (settings.buildUsersGroup != "" && getuid() == 0) {
+#if defined(__linux__) || defined(__APPLE__)
         buildUser = std::make_unique<UserLock>();
 
         /* Make sure that no other processes are executing under this
            uid. */
         buildUser->kill();
+#else
+        /* Don't know how to block the creation of setuid/setgid
+           binaries on this platform. */
+        throw Error("build users are not supported on this platform for security reasons");
+#endif
     }
 
     /* Create a temporary directory where the build will take
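Review bot: The new `#else` branch is reached only when `settings.buildUsersGroup != "" && getuid() == 0`, and its error message names neither the setting nor a safe alternative. An operator who hits it will most likely clear `build-users-group`, after which this whole `if` is skipped and, as far as this hunk shows, the build continues as root with no uid separation at all, which is weaker than the configuration being refused. I would spell that out in the message, for example `throw Error("the 'build-users-group' setting is not supported on this platform for security reasons; run builds as an unprivileged user instead");`. The comment could also say why setuid/setgid binaries matter here, presumably because a file left behind under a build user's uid would outlive the `buildUser->kill()` cleanup. The rest of `startBuilder()` is outside the hunk, so whether root with an empty group is rejected elsewhere cannot be confirmed from here.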
-- 
GitLab