01/01: website: insecure-permissions: Adjust links.
From: Ludovic Courtès
Subject: 01/01: website: insecure-permissions: Adjust links.
Date: Thu, 17 Oct 2019 17:08:11 -0400 (EDT)
civodul pushed a commit to branch master
in repository guix-artwork.
commit bcfdc23c2ed284aa474f8bbc09368f3b09f741bc
Author: Ludovic Courtès <address@hidden>
Date: Thu Oct 17 23:07:43 2019 +0200
website: insecure-permissions: Adjust links.
* website/posts/insecure-permissions.md: Adjust URLs to the bug report
and to the fix.
---
website/posts/insecure-permissions.md | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/website/posts/insecure-permissions.md
b/website/posts/insecure-permissions.md
index 6dd6016..fda9ef3 100644
--- a/website/posts/insecure-permissions.md
+++ b/website/posts/insecure-permissions.md
@@ -20,7 +20,7 @@ On a multi-user system, this allowed a malicious user to
create and
populate that `$USER` sub-directory for another user that had not yet
logged in. Since `/var/…/$USER` is in `$PATH`, the target user could
end up running attacker-provided code. See
-https://issues.guix.gnu.org/issue/37744 for more information.
+[the bug report](https://issues.guix.gnu.org/issue/37744) for more information.
This issue was initially [reported by Michael Orlitzky for
Nix](https://www.openwall.com/lists/oss-security/2019/10/09/4)
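Review bot: the link text in the added line `[the bug report](https://issues.guix.gnu.org/issue/37744)` hides the issue number, so a reader who sees the post without following the link (plain-text view, print, a quoted excerpt) loses the reference. Link text such as `[bug #37744](https://issues.guix.gnu.org/issue/37744)` reads the same after "See" and keeps the identifier visible.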
@@ -28,7 +28,8 @@ Nix](https://www.openwall.com/lists/oss-security/2019/10/09/4)
# Fix
-The [fix](https://issues.guix.gnu.org/issue/37744) consists in letting
+The
[fix](https://git.savannah.gnu.org/cgit/guix.git/commit/?id=81c580c8664bfeeb767e2c47ea343004e88223c7)
+consists in letting
`guix-daemon` create these directories on behalf of users and removing
the world-writable permissions on `per-user`.
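Review bot: the replacement in the "# Fix" paragraph leaves a lone `The`, then a URL-only line, then `consists in letting`, which is awkward in the Markdown source and easy to break on the next edit. If the site's Markdown renderer supports reference-style links, `[fix][fix-commit]` with the URL defined once at the end of the post would let the paragraph stay filled normally. It would also help to name the abbreviated commit id 81c580c in the sentence itself, so readers can check whether their Guix revision already contains the change without copying the id out of the URL.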