[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
From: |
Bengt Richter |
Subject: |
bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix) |
Date: |
Thu, 17 Oct 2019 19:21:28 -0700 |
User-agent: |
Mutt/1.12.1 (2019-06-15) |
Hi Ludo, Tobias,
On +2019-10-17 22:25:58 +0200, Ludovic Courtès wrote:
> Hallo!
>
> Tobias Geerinckx-Rice <address@hidden> skribis:
>
> > Ludovic Courtès 写道:
> >> See https://issues.guix.gnu.org/issue/37744
> >
> > Will this be automatically linkified?
>
> Yes, I think so.
>
> >> # Upgrading
> >>
> >> On multi-user systems, we recommend upgrading the daemon now.
> >>
> >> To upgrade the daemon on a “foreign distro”, run something along
> >> these
> >
> > Imperialist nitpick: why list the foreigners first? :-)
> >
> > Anti-imperialist nitpick: reversing the two allows using ‘other
> > distributions’ instead of ‘foreign’ which always sounds a bit
> > dismissive to my ears.
> >
> > End nitpick.
>
> That makes sense to me; I’m not satisfied with “foreign” either (I think
> the inspiration came from FFIs, but still). Maybe “fellow distros”?
> :-)
Is not the important distinction whether the "foreign distro" can be generated
with pure guix libre components using a pure guix tool chain vs not?
Maybe define a (guix-auditable? "/") test and then
s/foreign/non-guix-auditable/g
in docs and discussions?
Just a thought :)
__
Regards,
Bengt Richter
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), (continued)
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), pelzflorian (Florian Pelz), 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/17
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/17
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/17
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix),
Bengt Richter <=
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/18
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Bengt Richter, 2019/10/18
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Tobias Geerinckx-Rice, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Ludovic Courtès, 2019/10/16
- bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix), Julien Lepiller, 2019/10/16