diff options
| author | Maximilian Bosch <maximilian@mbosch.me> | 2024-05-04 07:26:15 +0000 |
|---|---|---|
| committer | Gerrit Code Review <gerrit@lix> | 2024-05-04 07:26:15 +0000 |
| commit | 79d0ae667066b758fd4202cd18294a0f40ddc8f0 (patch) | |
| tree | 675df833182fbf4909a8a99a5d18c12ebad317da /doc | |
| parent | f8617f9dc65096ee1e83fe3d100cc252e9f94bf6 (diff) | |
| parent | 045ee374387cb8fd9b1d83b14574c6d92694063d (diff) | |
Merge "libstore/local-derivation-goal: prohibit creating setuid/setgid binaries" into main
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/manual/rl-next/fchmodat2-sandbox.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/manual/rl-next/fchmodat2-sandbox.md b/doc/manual/rl-next/fchmodat2-sandbox.md new file mode 100644 index 000000000..82429a93d --- /dev/null +++ b/doc/manual/rl-next/fchmodat2-sandbox.md @@ -0,0 +1,8 @@ +--- +synopsis: Creating setuid/setgid binaries with fchmodat2 is now prohibited by the build sandbox +prs: 10501 +--- + +The build sandbox blocks any attempt to create setuid/setgid binaries, but didn't check +for the use of the `fchmodat2` syscall which was introduced in Linux 6.6 and is used by +glibc >=2.39. This is fixed now. |