MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
build
Search

A vulnerability in the Guix build system

Monday October 21, 2024. 03:40 PM , from LWN.net
The

Guix project has

disclosed a security vulnerability in the build daemon that the distribution uses to build and install software locally. The vulnerability allows an existing unprivileged user to get access to a

setuid binary, and from there potentially interfere with any other software built or installed on the computer. The project recommends upgrading the guix daemon now, to avoid the issue.

This exploit requires the ability to start a derivation build and the
ability to run arbitrary code with access to the store in the root PID
namespace on the machine the build occurs on. As such, this represents
an increased risk primarily to multi-user systems and systems using
dedicated privilege-separation users for various daemons: without
special sandboxing measures, any process of theirs can take advantage
of this vulnerability.
Read more at LWN.net
https://lwn.net/Articles/994865/

Related News

build San Francisco Muni's Rail System Will Spend $212 Million To Upgrade From Floppy Disks SlashdotOct 23
vulnerability Watch Claude AI take control of a computer and build its own website from scratch BoingBoingOct 22
guix Post Office CTO had 'nagging doubts' about Horizon system despite reliability assurances TheRegisterOct 17
any Get started with the free-threaded build of Python 3.13 InfoWorldOct 16
access Microsoft teases latest Windows 10 build despite looming end TheRegisterOct 15
systems You're not going crazy! Microsoft's most up-to-date operating system is now less than $20 BoingBoingOct 12
daemon You're not going crazy! Microsoft's most up-to-date operating system is now less than $20 BoingBoingOct 12
ability Chinese boffins build soft robot finger that can take your pulse TheRegisterOct 11
project Sleepy genius creates ultimate phone-tormenting alarm system BoingBoingOct 10
system Eric Schmidt: Build more AI datacenters, we aren't going to 'hit climate goals anyway' TheRegisterOct 8
build Databricks says with its new Databricks Apps platform, you can build tailored enterprise apps in 5 minutes InfoWorldOct 8
vulnerability SAP Build gains AI capabilities to help build autonomous agents InfoWorldOct 8
guix XCP-NG thanks Broadcom for increased interest, swipes Citrix for not helping build an alternative TheRegisterOct 8
any 'Critical' CUPS vulnerability chain easy to use for massive DDoS attacks TheRegisterOct 7
access Hobbyist Builds a Modern System That Still Runs MS-DOS SlashdotOct 6
systems Akamai finds many systems with exposed CUPS vulnerability LWN.netOct 5
daemon Akamai Warns CUPS-Browsed Vulnerability Also Brings New Threat of DDoS Attacks SlashdotOct 5
ability Akamai Warns CUPS Vulnerability Also Brings New Threat of DDoS Attacks SlashdotOct 5
project Latest Windows 11 Dev Build Is Out With Copilot Key Remapping SlashdotOct 5
system Meta's New 'Movie Gen' AI System Can Deepfake Video From a Single Photo SlashdotOct 4
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Oct, Thu 24 - 00:36 CEST