guix-devel

Re: Potential security weakness in Guix services


From: Maxime Devos
Subject: Re: Potential security weakness in Guix services
Date: Mon, 01 Feb 2021 17:19:45 +0100
User-agent: Evolution 3.34.2

> > I’m not sure I understand the threat model.  If Knot has a RCE
> > vulnerability, it can be exploited to run anything on behalf of the
> > ‘knot’ user.
> > 
> > At that point, all the state associated with Knot in /var/lib should be
> > considered tainted; new keys should be generated, and so on.
> > 
> > Why focus on the permissions on /var/lib/knot?
> 
> My understanding is that, in case of an RCE in knot, the attacker can
> replace /var/lib/knot/* with symlinks to arbitrary files in the FS. When
> the activation procedure is run afterwards, the files being linked to
> are chowned to the knot user, and the attacker can access them.

That's exactly what I had in mind!  Though I would like to stress that
‘access’ here is both reading and writing.

Maxime.

Attachment: signature.asc
Description: This is a digitally signed message part
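
The following is an added example, not part of this thread and not Guix's activation code. It is a Python sketch of an ownership fix-up that cannot be redirected by symlinks planted in a service's state directory: each entry is opened relative to a directory descriptor with `O_NOFOLLOW`, and ownership is changed on the opened descriptor rather than on a path. The function names and the constructed demo tree are assumptions made for illustration.

```python
import errno
import os
import stat
import tempfile

def chown_tree_nofollow(root, uid, gid):
    """Chown dirs and regular files under root; return sorted (changed, refused)."""
    changed, refused = [], []
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC
    def visit(dir_fd, rel):
        for name in os.listdir(dir_fd):
            path = os.path.join(rel, name)
            try:
                # Opened relative to dir_fd; ELOOP means the entry is a symlink.
                fd = os.open(name, flags, dir_fd=dir_fd)
            except OSError as e:
                if e.errno != errno.ELOOP:
                    raise
                refused.append(path)
                continue
            try:
                mode = os.fstat(fd).st_mode
                if stat.S_ISDIR(mode) or stat.S_ISREG(mode):
                    os.fchown(fd, uid, gid)  # acts on the opened inode, not a path
                    changed.append(path)
                    if stat.S_ISDIR(mode):
                        visit(fd, path)
                else:
                    refused.append(path)     # device, FIFO, ...: left alone
            finally:
                os.close(fd)
    root_fd = os.open(root, flags | os.O_DIRECTORY)
    try:
        os.fchown(root_fd, uid, gid)
        visit(root_fd, "")
    finally:
        os.close(root_fd)
    return sorted(changed), sorted(refused)

def demo():
    """Constructed tree; uses our own uid/gid so it runs without privileges."""
    with tempfile.TemporaryDirectory() as top:
        state = os.path.join(top, "state")
        os.makedirs(os.path.join(state, "keys"))
        for p in ("zone.db", "keys/k1"):
            open(os.path.join(state, p), "w").close()
        open(os.path.join(top, "outside"), "w").close()
        os.symlink("../outside", os.path.join(state, "planted"))
        return chown_tree_nofollow(state, os.getuid(), os.getgid())
```

The `refused` list is worth logging: a symlink appearing in a directory that only the service writes to is a sign the state should be treated as tainted, as the quoted message says.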

