Package: guix
Version: 1.2.0-3
Severity: important

Dear Maintainer,

Hi,

I saw an announcement that there is a risk of local privilege escalation via
the guix daemon.

https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/

It says that "Machines where the Linux protected hardlinks feature is enabled,
which is common, are also unaffected — this is the case when the contents of
/proc/sys/fs/protected_hardlinks are 1." which appears to be true on my system.

We probably should still apply the fix to our guix-daemon.

Thanks
Diane

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-debug'), (500, 'testing'),
(500, 'stable'), (110, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-4-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages guix depends on:
ii  guile-2.2       2.2.7+1-5.4
ii  guile-2.2-libs  2.2.7+1-5.4
ii  guile-gcrypt    0.3.0-3
ii  guile-git       0.4.0-3
ii  guile-gnutls    3.7.0-7
ii  guile-json      4.3.2-2
ii  guile-lzlib     0.0.2-2
ii  guile-sqlite3   0.1.3-2
ii  guile-ssh       0.13.1-4
ii  guile-zlib      0.0.1-3
ii  libbz2-1.0      1.0.8-4
ii  libc6           2.31-9
ii  libgcc-s1       10.1.0-1
ii  libgcrypt20     1.8.7-3
ii  libsqlite3-0    3.34.1-3
ii  libssh-dev      0.9.5-1
ii  libstdc++6      10.1.0-1
ii  zlib1g          1:1.2.11.dfsg-2

Versions of packages guix recommends:
ii  nscd     2.31-9
ii  systemd  247.3-1

guix suggests no packages.
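
The check quoted from the announcement, as an added example that is not part of the original report or of Guix: it reads the runtime value of /proc/sys/fs/protected_hardlinks and also looks for sysctl configuration lines that would set it to something other than 1 at the next boot. The function names and the list of sysctl configuration paths (the usual systemd-sysctl locations) are assumptions.

```shell
#!/bin/sh
# Added example (not from the report): is the protected_hardlinks mitigation
# active now, and does any sysctl configuration file turn it off at boot?

# Print the runtime value; $1 is the proc file to read (default: the real one).
hardlinks_runtime() {
    cat "${1:-/proc/sys/fs/protected_hardlinks}" 2>/dev/null || echo unknown
}

# Print each setting of fs.protected_hardlinks that is not 1 in the given
# files. Accepts the "fs.x" and "fs/x" spellings and the optional "-" prefix;
# commented-out lines do not match. File precedence is ignored on purpose:
# any non-1 setting is reported so that it gets reviewed.
hardlinks_overrides() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        sed -n 's/^[[:space:]]*-\{0,1\}fs[./]protected_hardlinks[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$f" |
        while read -r v; do
            [ "$v" = 1 ] || echo "$f: fs.protected_hardlinks = $v"
        done
    done
}

# Summarise: $1 is the proc file, the remaining arguments are config files.
hardlinks_status() {
    proc=$1; shift
    rt=$(hardlinks_runtime "$proc")
    ov=$(hardlinks_overrides "$@")
    if [ "$rt" != 1 ]; then
        echo "exposed"
    elif [ -n "$ov" ]; then
        echo "protected-now-overridden-at-boot"
    else
        echo "protected"
    fi
}

# Run against the live system (unmatched globs are skipped by the -f test).
hardlinks_status /proc/sys/fs/protected_hardlinks /etc/sysctl.conf \
    /etc/sysctl.d/*.conf /run/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf
```

A result other than "protected" means the host should not rely on the kernel setting alone and the guix-daemon fix matters more.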
