bug-guix

bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)


From: Julien Lepiller
Subject: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Date: Wed, 16 Oct 2019 18:28:08 +0200
User-agent: K-9 Mail for Android

On 16 October 2019 at 12:22:33 GMT+02:00, "Ludovic Courtès" <address@hidden> wrote:
>Hello!
>
>Here’s a patch that fixes the issue, partly based on what the Nix folks
>did.
>
>For the client-connecting-over-TCP case, I added special handling:
>‘set-build-options’ now passes a “user-name” property, potentially
>allowing to create ‘per-user/$USER’ at that point (like you suggested,
>Tobias.)
>
>In a cluster setup, it means that the machine that runs ‘guix-daemon’
>must see the same users as the machines where its clients run, but
>that’s basically already what we expect:
><https://hpc.guix.info/blog/2017/11/installing-guix-on-a-cluster/>.
>
>There’s one case that won’t be correctly handled: in a cluster setup, an
>old client talking to a new daemon won’t provide info to create
>‘per-user/$USER’, and thus ‘guix package’ & co. won’t be able to create
>the user’s profile if it doesn’t already exist.  I think that’s hard to
>avoid though.
>
>Thoughts?
>
>Thanks,
>Ludo’.

We could advise people to restart the service too, with e.g. systemctl restart guix-daemon.
