[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
branch master updated: news: Clarify time window for account activation
From: |
guix-commits |
Subject: |
branch master updated: news: Clarify time window for account activation vulnerability. |
Date: |
Sat, 03 Apr 2021 16:20:12 -0400 |
This is an automated email from the git hooks/post-receive script.
civodul pushed a commit to branch master
in repository guix.
The following commit(s) were added to refs/heads/master by this push:
new 3b6247b news: Clarify time window for account activation
vulnerability.
3b6247b is described below
commit 3b6247ba6d531be61b85e8b0c02ff4d7118593f5
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Sat Apr 3 22:19:28 2021 +0200
news: Clarify time window for account activation vulnerability.
* etc/news.scm: Tweak wording about skeleton files.
---
etc/news.scm | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/etc/news.scm b/etc/news.scm
index adb81dd..3e5b2d7 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -42,9 +42,10 @@ The attack can happen when @command{guix system reconfigure}
is running.
Running @command{guix system reconfigure} can trigger the creation of new user
accounts if the configuration specifies new accounts. If a user whose account
is being created manages to log in after the account has been created but
-before ``skeleton files'' have been copied to its home directory, they may, by
-creating an appropriately-named symbolic link in the home directory pointing
-to a sensitive file, such as @file{/etc/shadow}, get root privileges.
+before ``skeleton files'' copied to its home directory have the right
+ownership, they may, by creating an appropriately-named symbolic link in the
+home directory pointing to a sensitive file, such as @file{/etc/shadow}, get
+root privileges.
See @uref{https://issues.guix.gnu.org/47584} for more information on this
bug.")))
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- branch master updated: news: Clarify time window for account activation vulnerability.,
guix-commits <=