[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
From: |
Ludovic Courtès |
Subject: |
bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix) |
Date: |
Tue, 15 Oct 2019 14:34:46 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Hi!
Tobias Geerinckx-Rice <address@hidden> skribis:
> The 1777 is obviously very bad, no question. However: question:
>
> Ludovic Courtès 写道:
>> I don’t see how to let the daemon create ‘per-user/$USER’ on behalf
>> of
>> the client for clients connecting over TCP. Or we’d need to add a
>> challenge mechanism or authentication.
>
> I need more cluebat please: say I'm an attacker and connect to your
> daemon (over TCP, why not), asking it to create an empty
> ‘per-user/ludo’.
You wouldn’t be able to do that because over TCP because the daemon
can’t tell what user you are.
Note that TCP has to be explicitly enabled through ‘guix-daemon
--listen=0.0.0.0’. It’s meant for cluster setups where you have one
head node that clients connect to from remote nodes.
I suppose we won’t be able to address the problem in this particular
setup, unless we had some authentication mechanism like I wrote above
(it could be a challenge like the MIT-MAGIC-COOKIE.)
Ludo’.
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/14
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/14
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/14
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Maxim Cournoyer, 2019/10/14
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix),
Ludovic Courtès <=
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/15
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16