Insecure permissions on /var/guix/profiles/per-user (CVE-2019-18192)
From: Ludovic Courtès
Subject: Insecure permissions on /var/guix/profiles/per-user (CVE-2019-18192)
Date: Thu, 17 Oct 2019 23:29:14 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hello,

We have become aware of a security issue for Guix on multi-user systems
that we have just fixed (CVE-2019-18192). Anyone running Guix on a
multi-user system is encouraged to upgrade ‘guix-daemon’—see below for
instructions.

More information is available on the Guix blog:

  https://guix.gnu.org/blog/2019/insecure-permissions-on-profile-directory-cve-2019-18192/

Summary
~~~~~~~

The default user profile, ~/.guix-profile, points to
/var/guix/profiles/per-user/$USER. Until now,
/var/guix/profiles/per-user was world-writable, allowing the ‘guix’
command to create the $USER sub-directory.

On a multi-user system, this allowed a malicious user to create and
populate that $USER sub-directory for another user that had not yet
logged in. Since /var/…/$USER is in $PATH, the target user could end up
running attacker-provided code.

Upgrading
~~~~~~~~~

To upgrade the daemon on Guix System, run:

  guix pull
  sudo guix system reconfigure /etc/config.scm
  sudo herd restart guix-daemon

On other distros, run something along these lines:

  sudo guix pull
  sudo systemctl restart guix-daemon.service

Please report any issues you may have to address@hidden.

Ludo’, on behalf of the Guix team.
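
An added check, not part of the original advisory or of Guix: a shell function (hypothetical name audit_per_user, assuming GNU coreutils `stat`) that flags the two conditions described in the Summary, namely a world-writable per-user directory and a $USER sub-directory that is not owned by the user it is named after.

```shell
#!/bin/sh
# Added example: audit the per-user profile directory for the condition
# described in the advisory. Assumes GNU coreutils `stat`.
# audit_per_user is a hypothetical helper name, not a Guix command.

audit_per_user() {
    dir=${1:-/var/guix/profiles/per-user}
    findings=0

    # 1. The parent must not be world-writable. In the octal mode, the
    #    "other write" bit is set when the last digit is 2, 3, 6 or 7.
    #    A sticky bit (e.g. 1777) does not help: creation is still open.
    mode=$(stat -c %a "$dir") || return 2
    case $mode in
        *[2367])
            echo "WORLD-WRITABLE $dir (mode $mode)"
            findings=$((findings + 1)) ;;
    esac

    # 2. Each $USER sub-directory should belong to the user it is named
    #    after; anything else may have been created by another account.
    for entry in "$dir"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # empty glob
        name=${entry##*/}
        owner=$(stat -c %U "$entry")    # does not follow symlinks
        if [ "$owner" != "$name" ]; then
            echo "OWNER-MISMATCH $entry (owned by $owner)"
            findings=$((findings + 1))
        fi
    done

    # Exit status 0 only when nothing was flagged.
    [ "$findings" -eq 0 ]
}

# Typical use on a multi-user host:
#   audit_per_user /var/guix/profiles/per-user
```

An OWNER-MISMATCH entry found on a system that ran the affected daemon is worth inspecting before the named user first logs in, since that directory ends up on their $PATH.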