bug#69777: Please add a test for CVE-2024-27297

unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed

* bug#69777: Please add a test for CVE-2024-27297
@ 2024-03-13 15:29 Vagrant Cascadian
  2024-03-13 23:10 ` Vagrant Cascadian
  0 siblings, 1 reply; 2+ messages in thread
From: Vagrant Cascadian @ 2024-03-13 15:29 UTC (permalink / raw)
  To: 69777

[-- Attachment #1: Type: text/plain, Size: 424 bytes --]

It would be really nice, especially for downstream distributors, if
there was a test for CVE-2024-27297.

There is working code to test this in the excellent blog post on the
subject, which is a likely good starting point!

  https://guix.gnu.org/en/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297/

Super extra bonus points if the test is backwards compatible with guix
1.4 and 1.2 :)

live well,
  vagrant

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

* bug#69777: Please add a test for CVE-2024-27297
  2024-03-13 15:29 bug#69777: Please add a test for CVE-2024-27297 Vagrant Cascadian
@ 2024-03-13 23:10 ` Vagrant Cascadian
  0 siblings, 0 replies; 2+ messages in thread
From: Vagrant Cascadian @ 2024-03-13 23:10 UTC (permalink / raw)
  To: 69777

[-- Attachment #1: Type: text/plain, Size: 2861 bytes --]

On 2024-03-13, Vagrant Cascadian wrote:
> It would be really nice, especially for downstream distributors, if
> there was a test for CVE-2024-27297.
>
> There is working code to test this in the excellent blog post on the
> subject, which is a likely good starting point!
>
>   https://guix.gnu.org/en/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297/
>
> Super extra bonus points if the test is backwards compatible with guix
> 1.4 and 1.2 :)

FWIW, the reproducer from the blog is not working for me with guix 1.2:

guix build -f guix-cve-2024-27297 -M4
/home/vagrant/guix-cve-2024-27297:20:7: warning: importing module (guix config) from the host
/home/vagrant/guix-cve-2024-27297:20:7: warning: importing module (guix config) from the host
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
The following derivations will be built:
   /gnu/store/dirlf6m5kb6by220qivwj10r677ylb39-checking-for-vulnerability.drv
   /gnu/store/90ysjngcdr0z5mcxprryxpp2413mly8z-derivation-that-exfiltrates-fd-65f22e2a-11731.drv
   /gnu/store/ndny5r3l0s2vq1nal4raskl9pb0badc3-sender.drv
   /gnu/store/m1ln7m49qrd5jbg0rhjwgb3p5v4iqv1p-derivation-that-grabs-fd-65f22e2a-11731.drv
   /gnu/store/n7zss6k3999bm566n6xwqgc5672mw5yr-receiver.drv
building /gnu/store/n7zss6k3999bm566n6xwqgc5672mw5yr-receiver.drv...
building /gnu/store/ndny5r3l0s2vq1nal4raskl9pb0badc3-sender.drv...
Backtrace:
           4 (primitive-load "/gnu/store/2vg1l5pb6jgbrg3iivzj01gl0n8?")
In ice-9/eval.scm:
    619:8  3 (_ #f)
   191:27  2 (_ #f)
   223:20  1 (proc #<directory (guile-user) 7ffff5bb7f00>)
In unknown file:
           0 (%resolve-variable (7 . load-profile) #<directory (guil?>)

ERROR: In procedure %resolve-variable:
Unbound variable: load-profile
Backtrace:
           4 (primitive-load "/gnu/store/c4a9kl1p4xs8fmw2w5smaim04cy?")
In ice-9/eval.scm:
    619:8  3 (_ #f)
   191:27  2 (_ #f)
   223:20  1 (proc #<directory (guile-user) 7ffff5bb7f00>)
In unknown file:
           0 (%resolve-variable (7 . load-profile) #<directory (guil?>)


ERROR: In procedure %resolve-variable:
Unbound variable: load-profile
builder for `/gnu/store/ndny5r3l0s2vq1nal4raskl9pb0badc3-sender.drv' failed with exit code 1
build of /gnu/store/ndny5r3l0s2vq1nal4raskl9pb0badc3-sender.drv failed
View build log at '/var/log/guix/drvs/nd/ny5r3l0s2vq1nal4raskl9pb0badc3-sender.drv.bz2'.
cannot build derivation `/gnu/store/90ysjngcdr0z5mcxprryxpp2413mly8z-derivation-that-exfiltrates-fd-65f22e2a-11731.drv': 1 dependenc
ies couldn't be built
cannot build derivation `/gnu/store/dirlf6m5kb6by220qivwj10r677ylb39-checking-for-vulnerability.drv': 1 dependencies couldn't be bui
lt
guix build: error: build of `/gnu/store/dirlf6m5kb6by220qivwj10r677ylb39-checking-for-vulnerability.drv' failed


I guess I can try "guix pull" to something current to run it...

live well,
  vagrant

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2024-03-13 23:11 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-13 15:29 bug#69777: Please add a test for CVE-2024-27297 Vagrant Cascadian
2024-03-13 23:10 ` Vagrant Cascadian

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).