mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-09 07:13:03 +00:00
633a3b8f19
guix has recently announced a security vulnerability that allows local users to gain priveleges of build users, and further manipulate output of any build (including with setguid). This commit fixes the issue by backporting the remediation commits pushed to guix main to 1.4.0 as a patch. Users will still have to reboot and follow other remediation steps as described in the guix blogpost. Refs: https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/ Signed-off-by: Christina Sørensen <christina@cafkafk.com> |
||
---|---|---|
.. | ||
guix-build-user-takeover-fix.patch | ||
package.nix |