[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
From: |
Ludovic Courtès |
Subject: |
bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix) |
Date: |
Wed, 16 Oct 2019 08:57:05 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Hi Tobias,
Tobias Geerinckx-Rice <address@hidden> skribis:
> No, I ask it nicely: ‘hullo daemon, I'm, er, "ludo"’.
>
> Of course the remote daemon doesn't trust me beyond pre-creating an
> empty per-user directory owned by the local "ludo" user only if such a
> user exists. It doesn't even report succes or failure to avoid
> leaking valid user names.
Ah you’re right, the worst that can happen is that an empty directory is
created for someone else. Sounds like a plan.
Ludo’.
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/14
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/14
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/14
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Maxim Cournoyer, 2019/10/14
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/15
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/15
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix),
Ludovic Courtès <=
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16