From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix) Date: Mon, 14 Oct 2019 09:58:47 +0200 Message-ID: <87blujsqq0.fsf@gnu.org> References: <87o8yjsr8o.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:50094) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iJvFv-0002AG-SJ for bug-guix@gnu.org; Mon, 14 Oct 2019 03:59:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iJvFu-0005eH-Nj for bug-guix@gnu.org; Mon, 14 Oct 2019 03:59:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:57437) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1iJvFu-0005eB-Kp for bug-guix@gnu.org; Mon, 14 Oct 2019 03:59:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1iJvFu-0001P5-Ib for bug-guix@gnu.org; Mon, 14 Oct 2019 03:59:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87o8yjsr8o.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 14 Oct 2019 09:47:35 +0200") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 37744@debbugs.gnu.org Cc: GNU Guix maintainers , guix-security@gnu.org Ludovic Court=C3=A8s skribis: > Looks like we=E2=80=99ll need to do something similar to: > . Compared to the Nix build daemon, our daemon can accept connections over TCP in addition to Unix-domain sockets, so the bit that does: store->createUser(userName, userId); won=E2=80=99t work in that context (it would create =E2=80=98per-user/root= =E2=80=99.) I don=E2=80=99t see how to let the daemon create =E2=80=98per-user/$USER=E2= =80=99 on behalf of the client for clients connecting over TCP. Or we=E2=80=99d need to add a challenge mechanism or authentication. Thoughts? Ludo=E2=80=99.