GNU bug report logs - #47229
Local privilege escalation via guix-daemon and ‘--keep-failed’

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Thu, 18 Mar 2021 11:18:02 UTC

Severity: serious

Tags: fixed, security

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: 47229 <at> debbugs.gnu.org
Cc: Leo Famulari <leo <at> famulari.name>
Subject: bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed’
Date: Thu, 18 Mar 2021 14:14:28 +0100

An additional data point: guix-daemon chowns build trees to the caller
upon failure (a very handy feature) since this 2016 commit:

  https://git.savannah.gnu.org/cgit/guix.git/commit/?id=2608e40988ba8cf51723fe0d21bdedf6b3997c9c

The Nix build daemon, which guix-daemon is based on, did not have this
feature.

This bug report was last modified 4 years and 125 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47229 Local privilege escalation via guix-daemon and ‘--keep-failed’

GNU bug report logs - #47229
Local privilege escalation via guix-daemon and ‘--keep-failed’