author | Tobias Geerinckx-Rice <me@tobias.gr> | 2021-03-18 21:51:45 +0100 |
---|---|---|
committer | Tobias Geerinckx-Rice <me@tobias.gr> | 2021-03-18 21:52:02 +0100 |
commit | f62633a527a7b54ab2c552b493dce382ab2365e6 (patch) | |
tree | ab41c37a9b9814a53852c6cd971aff3ddde5e660 | |
parent | 9ade2b720af91acecf76278b4d9b99ace406781e (diff) | |
download | guix-f62633a527a7b54ab2c552b493dce382ab2365e6.tar.gz |
news: Add erratum for '--keep-failed' vulnerability.
* etc/news.scm: Add entry.
-rw-r--r-- | etc/news.scm | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/etc/news.scm b/etc/news.scm
index 3c604b0d23..f3e6bb6dff 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -22,6 +22,22 @@
 (entry (commit "ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf")
 (title
+ (en "Update on previous @command{guix-daemon} local privilege escalation"))
+ (body
+ (en "The previous news item described a potential local privilege
+escalation in @command{guix-daemon}, and claimed that systems with the Linux
+@uref{https://www.kernel.org/doc/Documentation/sysctl/fs.txt,
+``protected hardlink''} feature enabled were unaffected by the vulnerability.
+
+This is not entirely correct. Exploiting the bug on such systems is harder,
+but not impossible. To avoid unpleasant surprises, all users are advised to
+upgrade @command{guix-daemon}. Run @command{info \"(guix) Upgrading Guix\"}
+for info on how to do that. See
+@uref{http://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/}
+for more information on this bug.")))
+
+ (entry (commit "ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf")
+ (title
 (en "Risk of local privilege escalation @i{via} @command{guix-daemon}")
 (de "Risiko lokaler Rechteausweitung über @command{guix-daemon}")
 (fr "Risque d'élévation locale de privilèges @i{via} @command{guix-daemon}") |
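Review bot: The new erratum entry is keyed to the same commit as the item it corrects, `(commit "ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf")`. If news entries are selected by whether their commit falls in the range a user has just pulled (inferred, not visible in this hunk), users who already pulled past that commit and read the "unaffected" claim may never be shown the correction. Consider keying the erratum to a later commit, e.g. `(commit "<COMMIT-THAT-INTRODUCES-THIS-ERRATUM>")`, so it reaches exactly the users who saw the original advice. The advisory link in the new body uses `http://guix.gnu.org/...`; for a security notice, `https://` would be preferable, matching the kernel.org link in the same entry. The second entry's body continues outside this hunk.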