Risk of local privilege escalation via setuid programs
On Guix System, setuid
were, until now, installed as setuid-root and setgid-root (in the
/run/setuid-programs directory). However, most of these programs are
meant to run as setuid-root, but not setgid-root. Thus, this setting
posed a risk of local privilege escalation (users of Guix on a “foreign
distro” are unaffected).
This bug has been fixed and users are advised to upgrade their system, with commands along the lines of:
guix pull sudo guix system reconfigure /run/current-system/configuration.scm
This issue is tracked as bug #46305; you can read the thread for more information. There are no known exploitation of this issue to date. Many thanks to Duncan Overbruck for reporting it.
Please report any issues you may have to
firstname.lastname@example.org. See the
security web page for information
on how to report security issues.
About GNU Guix
GNU Guix is a transactional package manager and an advanced distribution of the GNU system that respects user freedom. Guix can be used on top of any system running the Hurd or the Linux kernel, or it can be used as a standalone operating system distribution for i686, x86_64, ARMv7, and AArch64 machines.
In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. When used as a standalone GNU/Linux distribution, Guix offers a declarative, stateless approach to operating system configuration management. Guix is highly customizable and hackable through Guile programming interfaces and extensions to the Scheme language.