synopsis: guix-daemon security issue
---

### Highlights

#### Insecure `/var/guix/profiles/per-user` permissions.

On a multi-user system, this allowed a malicious user to create and
populate that `$USER` sub-directory for another user that had not yet
logged in.  Since `/var/.../$USER` is in `$PATH`, the target user
could end up running attacker-provided code.  See [issue
37744](https://issues.guix.gnu.org/issue/37744) for more information.