blob: 1037575c3ff3a84b8af93476f620f8752af41487 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
|
synopsis: guix-daemon security issue
---
### Highlights
#### Insecure `/var/guix/profiles/per-user` permissions.
On a multi-user system, this allowed a malicious user to create and
populate that `$USER` sub-directory for another user that had not yet
logged in. Since `/var/.../$USER` is in `$PATH`, the target user
could end up running attacker-provided code. See [issue
37744](https://issues.guix.gnu.org/issue/37744) for more information.
|