From d071ee3aff5be1a6d7876d7411e70f7283dce1fb Mon Sep 17 00:00:00 2001 From: Maxime Devos Date: Sat, 3 Apr 2021 12:19:10 +0200 Subject: [PATCH 2/2] news: Add entry for user account activation vulnerability. TODO for guix committer: correct the commit id appropriately. * etc/news.scm: Add entry. --- etc/news.scm | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/etc/news.scm b/etc/news.scm index deedc69f6e..0cc9c183a0 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -12,6 +12,7 @@ ;; Copyright © 2020, 2021 Maxim Cournoyer ;; Copyright © 2021 Leo Famulari ;; Copyright © 2021 Zhu Zihao +;; Copyright © 2021 Maxime Devos ;; ;; Copying and distribution of this file, with or without modification, are ;; permitted in any medium without royalty provided the copyright notice and @@ -20,6 +21,22 @@ (channel-news (version 0) + ;; XXX to guix committers: this commit likely needs to be changed. + (entry (commit "9672bd37bf50db1e0989d0b84035c4788422bd31") + (title + (en "Risk of local privilege escalation by creation of new user accounts")) + (body + (en "A security vulnerability that can lead to local privilege +escalation has been found in the activation code of user accounts. The +system is only vulnerable during the activation of user accounts (including +system accounts) that do not already exist. + +The attack consists of the user logging in after the user's home directory +has been created, but before the activation of the user has been completed, +by creating an appropriately named symbolic link in the home directory +pointing to a sensitive file, such as @file{/etc/shadow}. + +See @uref{https://issues.guix.gnu.org/47584} for more information on this bug."))) (entry (commit "9ade2b720af91acecf76278b4d9b99ace406781e") (title (en "Update on previous @command{guix-daemon} local privilege escalation") -- 2.31.1