news: Clarify time window for account activation vulnerability.

* etc/news.scm: Tweak wording about skeleton files.
Ludovic Courtès 2021-04-03 22:19:28 +02:00
parent c9960ad67c
commit 3b6247ba6d
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5

@ -42,9 +42,10 @@
Running @command{guix system reconfigure} can trigger the creation of new user Running @command{guix system reconfigure} can trigger the creation of new user
accounts if the configuration specifies new accounts. If a user whose account accounts if the configuration specifies new accounts. If a user whose account
is being created manages to log in after the account has been created but is being created manages to log in after the account has been created but
before ``skeleton files'' have been copied to its home directory, they may, by before ``skeleton files'' copied to its home directory have the right
creating an appropriately-named symbolic link in the home directory pointing ownership, they may, by creating an appropriately-named symbolic link in the
to a sensitive file, such as @file{/etc/shadow}, get root privileges. home directory pointing to a sensitive file, such as @file{/etc/shadow}, get
root privileges.
See @uref{https://issues.guix.gnu.org/47584} for more information on this See @uref{https://issues.guix.gnu.org/47584} for more information on this
bug."))) bug.")))
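Review bot: In the reworded clause "before ``skeleton files'' copied to its home directory have the right ownership", the phrase "the right ownership" leaves the reader to infer which owner is meant, and the sentence refers to the same user as both "its" and "they". Since the point of the change is to pin down the time window, consider naming the owner explicitly (for example "are owned by that user", if that is the intended meaning) and using "their home directory" so the pronouns agree.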