Subject: bug#69777: Please add a test for CVE-2024-27297
From: Vagrant Cascadian
To: 69777@debbugs.gnu.org
Date: Wed, 13 Mar 2024 08:29:36 -0700
Message-ID: <874jda6tgf.fsf@wireframe>
List-Id: Bug reports for GNU Guix

It would be really nice, especially for downstream distributors, if
there was a test for CVE-2024-27297.

There is working code to test this in the excellent blog post on the
subject, which is a likely good starting point!

  https://guix.gnu.org/en/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297/

Super extra bonus points if the test is backwards compatible with guix
1.4 and 1.2 :)

live well,
  vagrant