Blog - Security Advisory
Build User Takeover Vulnerability
2024-10-21
A security issue has been identified in guix-daemon which allows for a local user to gain the privileges of any of the build users and subsequently use…
Fixed-Output Derivation Sandbox Bypass (CVE-2024-27297)
2024-03-12
A security issue has been identified in guix-daemon which allows for fixed-output derivations, such as source code tarballs or Git checkouts, to be corrupted by an unprivileged…
Risk of local privilege escalation via guix-daemon (CVE-2021-27851)
2021-03-18
A security vulnerability that can lead to local privilege escalation has been found in guix-daemon. It affects multi-user setups in which guix-daemon runs locally. …
Risk of local privilege escalation via setuid programs
2021-02-09
On Guix System, setuid programs were, until now, installed as setuid-root and setgid-root (in the /run/setuid-programs directory). However, most of these programs are meant to…
Insecure permissions on profile directory (CVE-2019-18192)
2019-10-17
We have become aware of a security issue for Guix on multi-user systems that we have just fixed (CVE-2019-18192). Anyone running Guix on a multi-user system is…