[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Risk of local privilege escalation via guix-daemon
|
From: |
Leo Famulari |
|
Subject: |
Risk of local privilege escalation via guix-daemon |
|
Date: |
Thu, 18 Mar 2021 13:34:12 -0400 |
Hello,
A security vulnerability that can lead to local privilege escalation has
been found in the `guix-daemon`. It affects multi-user setups in which
`guix-daemon` runs locally.
This bug has been fixed.
More information is available on the Guix blog:
https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/
Summary
~~~~~~~
The attack consists in having an unprivileged user spawn a build process, for
instance with `guix build`, that makes its build directory world-writable. The
user then creates a hardlink to a root-owned file such as `/etc/shadow` in that
build directory. If the user passed the `--keep-failed` option and the build
eventually fails, the daemon changes ownership of the whole build tree,
including the hardlink, to the user. At that point, the user has write access
to the target file.
Upgrading
~~~~~~~~~
On multi-user systems, we recommend upgrading the `guix-daemon` now.
To upgrade the daemon on Guix System, run:
```
guix pull
sudo guix system reconfigure /run/current-system/configuration.scm
sudo herd restart guix-daemon
```
On other distros, use something like this:
```
sudo --login guix pull
sudo systemctl restart guix-daemon.service
```
Please report any issues you may have to <guix-devel@gnu.org>.
On behalf of the Guix team,
Leo Famulari
signature.asc
Description: PGP signature
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Risk of local privilege escalation via guix-daemon,
Leo Famulari <=