bug#51833: SECURITY: Sanitize the permissions for guix daemon socket?

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#51833: SECURITY: Sanitize the permissions for guix daemon socket?

From:	Jacob Hrbek
Subject:	bug#51833: SECURITY: Sanitize the permissions for guix daemon socket?
Date:	Sun, 14 Nov 2021 09:18:46 +0000

The /var/guix/daemon-socket/socket is by default set to be owned by root:root with chmod 0666 that allows **ALL** users on the system to interact with guix daemon to write in the store directory.

Proposing to define a group (or use guixbuild group?) to by default deny access to the socket to all users without the group as i see this being a security issue waiting to happen.

-- Jacob "Kreyren" Hrbek

Sent with ProtonMail Secure Email.

publickey - kreyren@rixotstudio.cz - 0x1677DB82.asc
Description: application/pgp-keys

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#51833: SECURITY: Sanitize the permissions for guix daemon socket?, Jacob Hrbek <=
- bug#51833: (No Subject), Jacob Hrbek, 2021/11/14

Prev by Date: bug#48552: mesa 20.2.4 is not reproducible
Next by Date: bug#51833: (No Subject)
Previous by thread: bug#48552: mesa 20.2.4 is not reproducible
Next by thread: bug#51833: (No Subject)
Index(es):
- Date
- Thread