From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id CA7/CKAXEGb7KwAAqHPOHw:P1 (envelope-from ) for ; Fri, 05 Apr 2024 17:24:16 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id CA7/CKAXEGb7KwAAqHPOHw (envelope-from ) for ; Fri, 05 Apr 2024 17:24:16 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=pelzflorian.de header.s=key2 header.b=FNBChQPX; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1712330656; a=rsa-sha256; cv=none; b=cnIuJh+Jnjqd0VU03tctx5VKfI3XRruvcEGnsmdEZphALejKw8JYCVNQnYn7Iqro4d8g0C mlF5Q8bYpgjZt7YjM93+ztCzhHduIVmvBJrsPa/CixOpnOMzB65axsafYLvTds1Bu2Zwdf +hKwGmB1b/bIcZc1gvjzTiu67c4RTgZWZpiomV9gF0XY9U+OZOnh3zFCAX+uyqQWclhA4O ZE/RwpmOTz+H09Nq4TM/t4OJX70aTDJ7VHAsV2IaM99wnWtk+rFQIyXuqp1bb/ynI53K2d DdCEgpmBJ7G3fMrB7yEF6OS1cMOK1u/7mxjlqCHKOChoIdwUzG7F+ZPWjayc3w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=pelzflorian.de header.s=key2 header.b=FNBChQPX; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1712330656; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=J+bDGuIyOwH9e+UFXS9TsXT+AgIg8gxLJTbmKH23oM4=; b=I/VpNerJDwruZQQEOcqXOfYIh4/cUsgPo3V3HjlOk011T4WvMYe0XU/uTcxNvIf4XOGaVF VWBBwB14hLqrzrIv0c/NIVhUpQZe/ru/cdiqC+8NG2PcbDTS41uKCHe8hXc7tvy8JUd2C/ HoHohn8xGAtfQ4PvLkHYj2U5VQGKmv/CJYwq2MyI+1akum+O5xCTlACrTzaB31ti67aKdS gLHP8VOv/4awwE8M5S6lW0EJ+bv7sl1L/PFMHx5hbxSbeh0Fv10FN4irnTT9AQ47flkszQ TYSPYOqBfybE3yh5vIBlVWi44PfIBq3Q85MbQEJSJy9fLK5z8voVwJEAvOdezQ== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7A07073498 for ; Fri, 5 Apr 2024 17:24:15 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rslQ8-0004rp-5M; Fri, 05 Apr 2024 11:24:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rslQ5-0004rX-D5 for guix-patches@gnu.org; Fri, 05 Apr 2024 11:23:57 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rslQ5-0002gd-3w for guix-patches@gnu.org; Fri, 05 Apr 2024 11:23:57 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rslQ9-0005Ua-L8 for guix-patches@gnu.org; Fri, 05 Apr 2024 11:24:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70022] [PATCH 0/2] Binary Installation: Add more distros Resent-From: "pelzflorian (Florian Pelz)" Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 05 Apr 2024 15:24:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70022 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Denis 'GNUtoo' Carikli Cc: 70022@debbugs.gnu.org Received: via spool by 70022-submit@debbugs.gnu.org id=B70022.171233062221046 (code B ref 70022); Fri, 05 Apr 2024 15:24:01 +0000 Received: (at 70022) by debbugs.gnu.org; 5 Apr 2024 15:23:42 +0000 Received: from localhost ([127.0.0.1]:37264 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rslPq-0005TO-HF for submit@debbugs.gnu.org; Fri, 05 Apr 2024 11:23:42 -0400 Received: from relay.yourmailgateway.de ([194.59.206.189]:53195) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rslPn-0005TB-S4 for 70022@debbugs.gnu.org; Fri, 05 Apr 2024 11:23:41 -0400 Received: from relay02-mors.netcup.net (localhost [127.0.0.1]) by relay02-mors.netcup.net (Postfix) with ESMTPS id 4VB2Lr588Vz433Q; Fri, 5 Apr 2024 17:23:32 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=pelzflorian.de; s=key2; t=1712330612; bh=88k+j1oCD7pF8wfY3jVg2lBQdoI98aXoGanbZUPXSsk=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=FNBChQPXm7PMkcyqxWMq/Ed2oXFmB7yVvgvvytdOAaVvCBdwxTle7AQDQXWtEhHZ+ KR0fTRwzV72t6h/maN56NbBBcq59pvxy1MUi6w8kYJFlms9l/FrrhJzfGR2JXcTcHE Ici1oybltLOyC7FijYbqXdsJIeQ+olD9Z5uBdMpdweuHWAiEKpu1+IMc45TwAlF5xB 4gfftRnMR1zIM2SkAAz5sBSQvVkszOc7r2X/1p1i9e23YYCNy7WYKl+96jbadGd7pk iPl5fKArLo7wtWWOTh2lDEaI4tL8WXuJKe1Mjla2fICdT6uf2sDwebZxAVKgokxgVs EjBuHXyVBWtKw== Received: from policy02-mors.netcup.net (unknown [46.38.225.35]) by relay02-mors.netcup.net (Postfix) with ESMTPS id 4VB2Lr4mdcz7xc3; Fri, 5 Apr 2024 17:23:32 +0200 (CEST) Received: from mxe217.netcup.net (unknown [10.243.12.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by policy02-mors.netcup.net (Postfix) with ESMTPS id 4VB2Lr19w5z8sb7; Fri, 5 Apr 2024 17:23:31 +0200 (CEST) Received: from florianrock64 (ip92344de0.dynamic.kabel-deutschland.de [146.52.77.224]) by mxe217.netcup.net (Postfix) with ESMTPSA id 65ECB83649; Fri, 5 Apr 2024 17:23:26 +0200 (CEST) From: "pelzflorian (Florian Pelz)" In-Reply-To: <20240405004424.2e0b5389@primary_laptop> (Denis Carikli's message of "Fri, 5 Apr 2024 00:44:24 +0200") References: <20240405004424.2e0b5389@primary_laptop> Date: Fri, 05 Apr 2024 17:23:25 +0200 Message-ID: <878r1ru93m.fsf@pelzflorian.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Rspamd-Queue-Id: 65ECB83649 X-Rspamd-Server: rspamd-worker-8404 X-NC-CID: hTxpO/Sj6rCVgg8kDnl/H5Lbn9uH4ijaclEDDn5Pb0DI/E74KXwwnE1L X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Spam-Score: -5.32 X-Migadu-Queue-Id: 7A07073498 X-Migadu-Spam-Score: -5.32 X-Migadu-Scanner: mx10.migadu.com X-TUID: PaS0+mbLoMOA Hello Denis, Denis 'GNUtoo' Carikli writes: > Hi, > > About the local privilege escalation, is there any hints on how to fix > it beside updating guix with 'guix pull'? Thinking more about it, I guess the Binary Installation documentation should inform that one can install from distribution packages or from guix-install.sh, depending on who should be responsible for security updates. > For instance were there distributions that somehow backported the > patch, in order not to have a security issue when you do 'apt install > guix' or pamcan -S guix for instance? > > I'm asking because while I'm not the AUR maintainer of the 'guix' > package, I know PKGBUILDs well enough to be able to send a patch if I > find the time (and also update the Parabola package along the way). Thank you for your offer. Following hyperlinks from , I find on security patches that Vagrant cherry-picked from the Guix commits that address the vulnerability. Similar to how Guix often takes patches from Debian, you could take the patches from Guix too or indirectly from Debian. Regards, Florian