bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed

From: Ludovic Courtès
Subject: bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed’
Date: Thu, 18 Mar 2021 12:45:36 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) 
Ludovic Courtès <ludo@gnu.org> skribis:

> The fix (patch attached) consists in adding a root-owned “wrapper”
> directory in which the build directory itself is located.

The fix has now been pushed:

  
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf

Followed by an update of the ‘guix’ package to make the fix available:

  
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=94f03125463ee0dba2f7916fcd43fd19d4b6c892

We recommend upgrading the daemon (using commit 94f03125 or later).
On Guix System, you achieve that by running something along these lines:

  guix pull
  sudo guix system reconfigure /run/current-system/configuration.scm
  sudo herd restart guix-daemon

On other distros, assuming services are managed by systemd:

  sudo --login guix pull
  sudo systemctl restart guix-daemon.service

(See <https://guix.gnu.org/manual/en/html_node/Upgrading-Guix.html>.)

Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]