Oh no, do we have a Texi injection vulnerability in Guix? :)

What I understand is that an error occurs when trying to show a hint to the 
user (display-hint in the backtrace). This calls texi->plain-text which 
transforms texinfo markup to text for displaying on a terminal. With your user 
name, it tries to read something like:

/home/~a/.guix-profile/etc/profile

Which is expanded into:

/home/[email protected]/.guix-profile/etc/profile

And the @ is understood as texinfo markup but there is no @foo command in 
texinfo. How do we fix that though?

On 23 November 2022 13:46:30 GMT+01:00, [email protected] wrote:
>Hello!
>
>I use the guix package manager on ubuntu 22.04.
>
>I have successfully installed the fdm and mu packages but I got an error when 
>installing the emacs package.
>
>My user is a domain user, the domain name is 'foo.bar' and then sssd uses a 
>home directory like '/home/[email protected]' which seems to cause that error.
>
>Installation log:
>$ LANG=C guix install emacs
>The following package will be installed:
>   emacs 28.2
>
>hint: Backtrace:
>          17 (primitive-load "/home/[email protected]/.config/guix?")
>In guix/ui.scm:
>   2275:7 16 (run-guix . _)
>  2238:10 15 (run-guix-command _ . _)
>In ice-9/boot-9.scm:
>  1752:10 14 (with-exception-handler _ _ #:unwind? _ # _)
>In guix/status.scm:
>    835:3 13 (_)
>    815:4 12 (call-with-status-report _ _)
>In guix/store.scm:
>   1300:8 11 (call-with-build-handler _ _)
>   1300:8 10 (call-with-build-handler #<procedure 7f83d177e480 at g?> ?)
>In guix/build/syscalls.scm:
>   1435:3  9 (_)
>   1402:4  8 (call-with-file-lock/no-wait _ _ _)
>In guix/scripts/package.scm:
>    325:7  7 (build-and-use-profile _ "/var/guix/profiles/per-user/?" ?)
>In guix/ui.scm:
>    312:5  6 (display-hint _ _)
>  1448:24  5 (texi->plain-text _)
>In texinfo.scm:
>  1132:22  4 (parse _)
>   980:31  3 (loop #<input: string 7f83bec67a10> (*fragment*) _ _ _)
>   967:36  2 (loop #<input: string 7f83bec67a10> #f #<procedure ide?> ?)
>     92:2  1 (command-spec _)
>In ice-9/boot-9.scm:
>  1685:16  0 (raise-exception _ #:continuable? _)
>
>ice-9/boot-9.scm:1685:16: In procedure raise-exception:
>Throw to key `parser-error' with args `(#f "Unknown command" foo)'.
>
>
>

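One way to handle the failure discussed in this thread, as an added example that is not Guix's own code: escape Texinfo's special characters in each interpolated value before the string reaches the Texinfo parser. The helper names `escape-texinfo`, `render-hint` and `render-hint/escaped`, the user name `alice` and the hint template are assumptions made for illustration; `texi-fragment->stexi` and `stexi->plain-text` are the Guile procedures behind the `parse` frame in the backtrace.

```scheme
(use-modules (texinfo)             ; texi-fragment->stexi
             (texinfo plain-text)  ; stexi->plain-text
             (ice-9 format))

;; Hypothetical helper: make STR literal for Texinfo by escaping the
;; three characters it treats specially (@ -> @@, { -> @{, } -> @}).
(define (escape-texinfo str)
  (string-concatenate
   (map (lambda (c)
          (if (memv c '(#\@ #\{ #\}))
              (string #\@ c)
              (string c)))
        (string->list str))))

;; Unescaped form: ARGS are spliced into the Texinfo TEMPLATE as-is,
;; so an "@" inside a path is parsed as the start of a command.
(define (render-hint template . args)
  (stexi->plain-text
   (texi-fragment->stexi (apply format #f template args))))

;; Escaped form: string arguments are escaped before interpolation, so
;; only markup written in TEMPLATE itself is interpreted.
(define (render-hint/escaped template . args)
  (stexi->plain-text
   (texi-fragment->stexi
    (apply format #f template
           (map (lambda (a) (if (string? a) (escape-texinfo a) a))
                args)))))

;; Constructed sample input: a home directory shaped like the one in
;; the report, and a made-up hint template (not Guix's actual message).
(define profile "/home/alice@foo.bar/.guix-profile")
(define template "Run @command{source ~a/etc/profile} to set the variables.")

;; The unescaped call throws the same key as in the backtrace.
(catch 'parser-error
  (lambda () (display (render-hint template profile)))
  (lambda (key . args)
    (format #t "unescaped: parser-error ~s~%" args)))

;; The escaped call renders the path literally.
(display (render-hint/escaped template profile))
(newline)
```

Escaping belongs at the point of interpolation, because the template's own markup (`@command{...}` here) must still be parsed; escaping the whole formatted string would turn that markup into literal text as well.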