diff options
Diffstat (limited to 'posts/2019/42/en_US.md')
-rw-r--r-- | posts/2019/42/en_US.md | 12 |
1 files changed, 0 insertions, 12 deletions
diff --git a/posts/2019/42/en_US.md b/posts/2019/42/en_US.md deleted file mode 100644 index 1037575..0000000 --- a/posts/2019/42/en_US.md +++ /dev/null @@ -1,12 +0,0 @@ -synopsis: guix-daemon security issue ---- - -### Highlights - -#### Insecure `/var/guix/profiles/per-user` permissions. - -On a multi-user system, this allowed a malicious user to create and -populate that `$USER` sub-directory for another user that had not yet -logged in. Since `/var/.../$USER` is in `$PATH`, the target user -could end up running attacker-provided code. See [issue -37744](https://issues.guix.gnu.org/issue/37744) for more information. |