[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed
|
From: |
Leo Famulari |
|
Subject: |
bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed’ |
|
Date: |
Thu, 18 Mar 2021 17:10:49 -0400 |
On Thu, Mar 18, 2021 at 12:17:15PM +0100, Ludovic Courtès wrote:
> It does not affect multi-user setups where ‘guix-daemon’ runs on a
> separate machine and is accessed over the network, via
> ‘GUIX_DAEMON_SOCKET’, as is customary on cluster setups. Machines where
> the Linux “protected hardlink”[*] feature is enabled, which is common,
> are also unaffected—this is the case when the contents of
> /proc/sys/fs/protected_hardlinks are 1.
After publishing the advisory, we received a clarification about the
impact of "protected hardlinks".
When using a guix-daemon that does not include the fix [0] for the bug
reported here, it is still possible for rogue build scripts to escape
the build environment, even when protected hardlinks are enabled.
Protected hardlinks do make exploitation significantly more difficult,
but not impossible.
For this reason, we continue to recommend that all Guix users upgrade
their guix-daemons, as described in the original advisory.
[0]
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf
signature.asc
Description: PGP signature