mirror/guix
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/guix.git synced 2025-01-18 13:36:36 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

news: Clarify time window for account activation vulnerability.

Browse source 
* etc/news.scm: Tweak wording about skeleton files.
This commit is contained in:
Ludovic Courtès 2021-04-03 22:19:28 +02:00
parent c9960ad67c
commit 3b6247ba6d
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
etc/news.scm
View file

@ -42,9 +42,10 @@
Running @command{guix system reconfigure} can trigger the creation of new user
accounts if the configuration specifies new accounts. If a user whose account
is being created manages to log in after the account has been created but
before ``skeleton files'' have been copied to its home directory, they may, by
creating an appropriately-named symbolic link in the home directory pointing
to a sensitive file, such as @file{/etc/shadow}, get root privileges.
before ``skeleton files'' copied to its home directory have the right
ownership, they may, by creating an appropriately-named symbolic link in the
home directory pointing to a sensitive file, such as @file{/etc/shadow}, get
root privileges.
See @uref{https://issues.guix.gnu.org/47584} for more information on this
bug.")))