GNU bug report logs - #37744
Insecure permissions on /var/guix/profiles/per-user (CVE-2019-18192)

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Mon, 14 Oct 2019 07:48:02 UTC

Severity: important

Tags: security

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #112 received at 37744 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Bengt Richter <bokr <at> bokr.com>
Cc: 37744 <at> debbugs.gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr>
Subject: Re: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for
 Nix)
Date: Fri, 18 Oct 2019 16:36:30 +0200

Bengt Richter <bokr <at> bokr.com> skribis:

> On +2019-10-17 22:25:58 +0200, Ludovic Courtès wrote:

[...]

>> > Imperialist nitpick: why list the foreigners first?  :-)
>> >
>> > Anti-imperialist nitpick: reversing the two allows using ‘other
>> > distributions’ instead of ‘foreign’ which always sounds a bit
>> > dismissive to my ears.
>> >
>> > End nitpick.
>> 
>> That makes sense to me; I’m not satisfied with “foreign” either (I think
>> the inspiration came from FFIs, but still).  Maybe “fellow distros”?
>> :-)
>
> Is not the important distinction whether the "foreign distro" can be generated
> with pure guix libre components using a pure guix tool chain vs not?

“Foreign distro” designates any distro other than Guix System.  From a
technical viewpoint, it’s sometimes useful to be able to make that
distinction.

HTH,
Ludo’.

This bug report was last modified 5 years and 300 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #37744 Insecure permissions on /var/guix/profiles/per-user (CVE-2019-18192)

GNU bug report logs - #37744
Insecure permissions on /var/guix/profiles/per-user (CVE-2019-18192)