Diffstat (limited to 'doc/manual/rl-next/cve-fod-fix.md')
-rw-r--r-- | doc/manual/rl-next/cve-fod-fix.md | 21 |
1 files changed, 0 insertions, 21 deletions
diff --git a/doc/manual/rl-next/cve-fod-fix.md b/doc/manual/rl-next/cve-fod-fix.md deleted file mode 100644 index 4499f639b..000000000 --- a/doc/manual/rl-next/cve-fod-fix.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -synopsis: "Fix CVE-2024-27297 (GHSA-2ffj-w4mj-pg37)" -cls: 266 -credits: [puck, jade, thufschmitt, tomberek, valentin] -category: Fixes ---- - -Since Lix fixed-output derivations run in the host network namespace (which we -wish to change in the future, see -[lix#285](https://git.lix.systems/lix-project/lix/issues/285)), they may open -abstract-namespace Unix sockets to each other and to programs on the host. Lix -contained a now-fixed time-of-check/time-of-use vulnerability where one -derivation could send writable handles to files in their final location in the -store to another over an abstract-namespace Unix socket, exit, then the other -derivation could wait for Lix to hash the paths and overwrite them. - -The impact of this vulnerability is that two malicious fixed-output derivations -could create a poisoned path for the sources to Bash or similarly important -software containing a backdoor, leading to local privilege execution. - -CppNix advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 |
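Review bot: the deleted body of doc/manual/rl-next/cve-fod-fix.md is the only text in this diff that documents the CVE-2024-27297 fix (the synopsis, `cls: 266`, the credits list and the CppNix advisory link), and the diffstat shows 21 deletions with 0 insertions, so nothing visible here says where that entry ends up. If the entry is being folded into a release's notes elsewhere, name the destination file in the commit message so the advisory text stays findable from this commit. If the paragraph is carried over, its last sentence, "leading to local privilege execution", reads like a slip for "local privilege escalation" and is worth correcting in the destination.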