GNU bug report logs - #51833
SECURITY: Sanitize the permissions for guix daemon socket?


Package: guix

Reported by: Jacob Hrbek <kreyren <at> rixotstudio.cz>

Date: Sun, 14 Nov 2021 09:20:01 UTC

Severity: normal

Done: Tobias Geerinckx-Rice <me <at> tobias.gr>

Bug is archived. No further changes may be made.


From: Jacob Hrbek <kreyren <at> rixotstudio.cz>
To: "51833 <at> debbugs.gnu.org" <51833 <at> debbugs.gnu.org>
Subject: bug#51833: (No Subject)
Date: Sun, 14 Nov 2021 09:49:48 +0000
Discussed on IRC/Matrix https://matrix.to/#/!sHzxAiaYPGfEPSGCzf:libera.chat/$TNunZ_vCWYxNGw-XDyCgKyKobccakb2A9noppM8kkTo?via=libera.chat&via=matrix.org&via=tchncs.de; concluded not to be a security issue.

My concern was a malicious user caching a malicious derivation, trying to force the root user to invoke it to unleash the payload, but that is not possible due to the use of GPG with the guix repo to prevent injection of a malicious DNS server through DHCP.

-- Jacob "Kreyren" Hrbek


This bug report was last modified 3 years and 194 days ago.
