bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)

From:	Tobias Geerinckx-Rice
Subject:	bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Date:	Tue, 15 Oct 2019 16:31:40 +0200

Ludo',

Thanks for your answer.

Ludovic Courtès 写道：

I need more cluebat please: say I'm an attacker and connect toyour
daemon (over TCP, why not), asking it to create an empty
‘per-user/ludo’.
You wouldn’t be able to do that because over TCP because thedaemon
can’t tell what user you are.


No, I ask it nicely: ‘hullo daemon, I'm, er, "ludo"’.

Of course the remote daemon doesn't trust me beyond pre-creatingan empty per-user directory owned by the local "ludo" user only ifsuch a user exists. It doesn't even report succes or failure toavoid leaking valid user names.

You already trust the network not to DoS you with webkitgtks, howdoes this new step decrease security?


Sure, it bumps the protocol version; I'm aware of that.

It’s meant for cluster setups where you have one
head node that clients connect to from remote nodes.

And likely some kind of centralised user management so it's notunreasonable to handle this differently/manually.


Kind regards,

T G-R

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/14
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/14
  - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/14
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Maxim Cournoyer, 2019/10/14
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/15
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice <=
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
    - bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16

Prev by Date: bug#37732: mps-youtube propagates util-linux
Next by Date: bug#37765: Trivial rust 1.37.0-compiled program immediately segfaults on newest master
Previous by thread: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Next by thread: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Index(es):
- Date
- Thread