GNU bug report logs -
#37744
Insecure permissions on /var/guix/profiles/per-user (CVE-2019-18192)
Previous Next
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Mon, 14 Oct 2019 07:48:02 UTC
Severity: important
Tags: security
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Hi Ludo, Tobias,
On +2019-10-17 22:25:58 +0200, Ludovic Courtès wrote:
> Hallo!
>
> Tobias Geerinckx-Rice <me <at> tobias.gr> skribis:
>
> > Ludovic Courtès 写道:
> >> See https://issues.guix.gnu.org/issue/37744
> >
> > Will this be automatically linkified?
>
> Yes, I think so.
>
> >> # Upgrading
> >>
> >> On multi-user systems, we recommend upgrading the daemon now.
> >>
> >> To upgrade the daemon on a “foreign distro”, run something along
> >> these
> >
> > Imperialist nitpick: why list the foreigners first? :-)
> >
> > Anti-imperialist nitpick: reversing the two allows using ‘other
> > distributions’ instead of ‘foreign’ which always sounds a bit
> > dismissive to my ears.
> >
> > End nitpick.
>
> That makes sense to me; I’m not satisfied with “foreign” either (I think
> the inspiration came from FFIs, but still). Maybe “fellow distros”?
> :-)
Is not the important distinction whether the "foreign distro" can be generated
with pure guix libre components using a pure guix tool chain vs not?
Maybe define a (guix-auditable? "/") test and then s/foreign/non-guix-auditable/g
in docs and discussions?
Just a thought :)
__
Regards,
Bengt Richter
This bug report was last modified 5 years and 300 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.