From 0d70c43a1691adf19188b50344046ee951565e96 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sun, 3 Nov 2019 11:54:24 +0000 Subject: Customise a couple of the posts --- posts/2019/42/en_US.md | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'posts/2019/42/en_US.md') diff --git a/posts/2019/42/en_US.md b/posts/2019/42/en_US.md index ed97d53..1037575 100644 --- a/posts/2019/42/en_US.md +++ b/posts/2019/42/en_US.md @@ -1 +1,12 @@ +synopsis: guix-daemon security issue --- + +### Highlights + +#### Insecure `/var/guix/profiles/per-user` permissions. + +On a multi-user system, this allowed a malicious user to create and +populate that `$USER` sub-directory for another user that had not yet +logged in. Since `/var/.../$USER` is in `$PATH`, the target user +could end up running attacker-provided code. See [issue +37744](https://issues.guix.gnu.org/issue/37744) for more information. -- cgit v1.2.3
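Review bot: In the added paragraph under the "Insecure `/var/guix/profiles/per-user` permissions." heading, "that `$USER` sub-directory" has no antecedent and "`/var/.../$USER`" elides the path, so the reader has to infer that both presumably refer to `/var/guix/profiles/per-user/$USER`; write the full path in both places. The paragraph also gives the impact only in the past tense ("this allowed") and does not say what the permissions were, what changed, or what the administrator of a multi-user system should do, leaving all of that to the link to issue 37744; a sentence stating the remedy would let the highlight stand on its own. Minor style point: the heading ends with a full stop, which the "### Highlights" heading above it does not.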