MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
build
Search

A vulnerability in the Guix build system

Monday October 21, 2024. 03:40 PM , from LWN.net
The

Guix project has

disclosed a security vulnerability in the build daemon that the distribution uses to build and install software locally. The vulnerability allows an existing unprivileged user to get access to a

setuid binary, and from there potentially interfere with any other software built or installed on the computer. The project recommends upgrading the guix daemon now, to avoid the issue.

This exploit requires the ability to start a derivation build and the
ability to run arbitrary code with access to the store in the root PID
namespace on the machine the build occurs on. As such, this represents
an increased risk primarily to multi-user systems and systems using
dedicated privilege-separation users for various daemons: without
special sandboxing measures, any process of theirs can take advantage
of this vulnerability.
Read more at LWN.net
https://lwn.net/Articles/994865/

Related News

build What’s the difference between OEM and SI PCs? A build master explains PC WorldNov 1
vulnerability Say goodbye to Microsoft Windows 11: Nitrux Linux 3.7.1 is the operating system you need! BetaNewsNov 1
guix Japan's space agency to build a digital twin of its ISS module – right before it retires TheRegisterNov 1
any Colorado Agency 'Improperly' Posted Passwords for Its Election System Online SlashdotOct 31
access Fired Employee Allegedly Hacked Disney World's Menu System to Alter Peanut Allergy Information SlashdotOct 30
systems Identity system modernization held back by 'technical debt' BetaNewsOct 30
daemon Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years SlashdotOct 29
ability Coker: The CUPS vulnerability LWN.netOct 28
project SpaceX's Competitors Scramble to Try to Build Reusable Rockets SlashdotOct 28
system San Francisco Will Pay $212 Million for Its Train System to Ditch Floppy Disks Wired: Tech.Oct 25
build FortiManager critical vulnerability under active attack TheRegisterOct 24
vulnerability San Francisco Muni's Rail System Will Spend $212 Million To Upgrade From Floppy Disks SlashdotOct 23
guix Watch Claude AI take control of a computer and build its own website from scratch BoingBoingOct 22
any Post Office CTO had 'nagging doubts' about Horizon system despite reliability assurances TheRegisterOct 17
access Get started with the free-threaded build of Python 3.13 InfoWorldOct 16
systems Microsoft teases latest Windows 10 build despite looming end TheRegisterOct 15
daemon You're not going crazy! Microsoft's most up-to-date operating system is now less than $20 BoingBoingOct 12
ability You're not going crazy! Microsoft's most up-to-date operating system is now less than $20 BoingBoingOct 12
project Chinese boffins build soft robot finger that can take your pulse TheRegisterOct 11
system Sleepy genius creates ultimate phone-tormenting alarm system BoingBoingOct 10
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Nov, Thu 21 - 13:38 CET