|
From: | Ludovic Courtès |
Subject: | bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed’ |
Date: | Thu, 18 Mar 2021 12:45:36 +0100 |
User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Ludovic Courtès <ludo@gnu.org> skribis: > The fix (patch attached) consists in adding a root-owned “wrapper” > directory in which the build directory itself is located. The fix has now been pushed: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf Followed by an update of the ‘guix’ package to make the fix available: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=94f03125463ee0dba2f7916fcd43fd19d4b6c892 We recommend upgrading the daemon (using commit 94f03125 or later). On Guix System, you achieve that by running something along these lines: guix pull sudo guix system reconfigure /run/current-system/configuration.scm sudo herd restart guix-daemon On other distros, assuming services are managed by systemd: sudo --login guix pull sudo systemctl restart guix-daemon.service (See <https://guix.gnu.org/manual/en/html_node/Upgrading-Guix.html>.) Ludo’.
[Prev in Thread] | Current Thread | [Next in Thread] |