diff options
author | Ludovic Courtès <ludo@gnu.org> | 2021-02-09 10:09:09 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2021-02-09 10:09:09 +0100 |
commit | b421b2f66ec5b39bd1331e276bff5f9698cd65dc (patch) | |
tree | c4f273475d3ec25918b9290a2f807ffdd0930812 /etc/news.scm | |
parent | aa8de806252e3835d57fab351b02d13db762deac (diff) | |
download | guix-b421b2f66ec5b39bd1331e276bff5f9698cd65dc.tar guix-b421b2f66ec5b39bd1331e276bff5f9698cd65dc.tar.gz |
news: Add news entry for local privilege escalation.
* etc/news.scm: Add entry.
Diffstat (limited to 'etc/news.scm')
-rw-r--r-- | etc/news.scm | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/etc/news.scm b/etc/news.scm index 463c2fb3ae..3c26f0a4d6 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -18,6 +18,26 @@ (channel-news (version 0) + (entry (commit "aa8de806252e3835d57fab351b02d13db762deac") + (title + (en "Risk of local privilege escalation @i{via} setuid programs")) + (body + (en "On Guix System, setuid programs were, until now, installed as +setuid-root @emph{and} setgid-root (in the @file{/run/setuid-programs} +directory). However, most of these programs are meant to run as setuid-root, +but not setgid-root. Thus, this setting posed a risk of local privilege +escalation. + +This bug has been fixed and users are advised to upgrade their system, with a +command along the lines of: + +@example +guix system reconfigure /run/current-system/configuration.scm +@end example + +Users of Guix on a ``foreign distro'' are unaffected. See +@url{https://issues.guix.gnu.org/46395} for more information."))) + (entry (commit "aedbc5ff32a62f45aeed74c6833399a6cf2c22dc") (title (en "Create a manifest with @command{guix package --export-manifest}") |