GNU bug report logs - #47229
Local privilege escalation via guix-daemon and ‘--keep-failed’

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Thu, 18 Mar 2021 11:18:02 UTC

Severity: serious

Tags: fixed, security

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #31 received at 47229 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Nathan Nye <nnye <at> whitebeamsec.com>
Cc: 47229 <at> debbugs.gnu.org
Subject: Re: bug#47229: Hardlink mitigation limits
Date: Mon, 29 Mar 2021 17:22:30 +0200

Hi Nathan,

Nathan Nye <nnye <at> whitebeamsec.com> skribis:

> I'm sharing here for future reference why protected hardlinks alone
> did not mitigate the recent LPE security advisory, pre-patch:

Thanks a lot for this clarification!

Ludo’.

This bug report was last modified 4 years and 125 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47229 Local privilege escalation via guix-daemon and ‘--keep-failed’

GNU bug report logs - #47229
Local privilege escalation via guix-daemon and ‘--keep-failed’