nixpkgs

mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 07:23:20 +00:00

History

Christina Sørensen 633a3b8f19 guix: build user takeover patch guix has recently announced a security vulnerability that allows local users to gain priveleges of build users, and further manipulate output of any build (including with setguid). This commit fixes the issue by backporting the remediation commits pushed to guix main to 1.4.0 as a patch. Users will still have to reboot and follow other remediation steps as described in the guix blogpost. Refs: https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/ Signed-off-by: Christina Sørensen <christina@cafkafk.com>	2024-10-27 13:57:29 +01:00
..
guix-build-user-takeover-fix.patch	guix: build user takeover patch	2024-10-27 13:57:29 +01:00
package.nix	guix: build user takeover patch	2024-10-27 13:57:29 +01:00

Christina Sørensen 633a3b8f19

guix has recently announced a security vulnerability that allows
local users to gain priveleges of build users, and further manipulate
output of any build (including with setguid).

This commit fixes the issue by backporting the remediation commits pushed to
guix main to 1.4.0 as a patch.

Users will still have to reboot and follow other remediation steps as
described in the guix blogpost.

Refs: https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/
Signed-off-by: Christina Sørensen <christina@cafkafk.com>

2024-10-27 13:57:29 +01:00

guix-build-user-takeover-fix.patch

guix: build user takeover patch

2024-10-27 13:57:29 +01:00

package.nix

guix: build user takeover patch

2024-10-27 13:57:29 +01:00