summaryrefslogtreecommitdiff
path: root/posts/2019/42/en_US.md
diff options
context:
space:
mode:
Diffstat (limited to 'posts/2019/42/en_US.md')
-rw-r--r--posts/2019/42/en_US.md12
1 files changed, 0 insertions, 12 deletions
diff --git a/posts/2019/42/en_US.md b/posts/2019/42/en_US.md
deleted file mode 100644
index 1037575..0000000
--- a/posts/2019/42/en_US.md
+++ /dev/null
@@ -1,12 +0,0 @@
-synopsis: guix-daemon security issue
----
-
-### Highlights
-
-#### Insecure `/var/guix/profiles/per-user` permissions.
-
-On a multi-user system, this allowed a malicious user to create and
-populate that `$USER` sub-directory for another user that had not yet
-logged in. Since `/var/.../$USER` is in `$PATH`, the target user
-could end up running attacker-provided code. See [issue
-37744](https://issues.guix.gnu.org/issue/37744) for more information.
generated by cgit v1.2.3 (git 2.25.4) at 2024-04-26 18:08:53 +0000