diff options
author | Christopher Baines <mail@cbaines.net> | 2020-01-18 12:23:28 +0000 |
---|---|---|
committer | Christopher Baines <mail@cbaines.net> | 2020-01-18 12:23:28 +0000 |
commit | 6f4a53cf365385ea8d9238d4e327e54c83621062 (patch) | |
tree | aee0e078551f41e01aafcb419d776c6c8dad15f0 /posts/2019/42/en_US.md | |
parent | 39051694bd3b493182f2693e9a4cc9abea49f991 (diff) | |
download | weekly-news-6f4a53cf365385ea8d9238d4e327e54c83621062.tar weekly-news-6f4a53cf365385ea8d9238d4e327e54c83621062.tar.gz |
Delete all the 2019 data, and start again from 2020
This is still a work in progress, so keep things moving forward.
Diffstat (limited to 'posts/2019/42/en_US.md')
-rw-r--r-- | posts/2019/42/en_US.md | 12 |
1 files changed, 0 insertions, 12 deletions
diff --git a/posts/2019/42/en_US.md b/posts/2019/42/en_US.md deleted file mode 100644 index 1037575..0000000 --- a/posts/2019/42/en_US.md +++ /dev/null @@ -1,12 +0,0 @@ -synopsis: guix-daemon security issue ---- - -### Highlights - -#### Insecure `/var/guix/profiles/per-user` permissions. - -On a multi-user system, this allowed a malicious user to create and -populate that `$USER` sub-directory for another user that had not yet -logged in. Since `/var/.../$USER` is in `$PATH`, the target user -could end up running attacker-provided code. See [issue -37744](https://issues.guix.gnu.org/issue/37744) for more information. |