forked from lix-project/lix
22 lines
1.1 KiB
Markdown
22 lines
1.1 KiB
Markdown
# Release 1.11.10 (2017-06-12)
|
||
|
||
This release fixes a security bug in Nix’s “build user” build isolation
|
||
mechanism. Previously, Nix builders had the ability to create setuid
|
||
binaries owned by a `nixbld` user. Such a binary could then be used by
|
||
an attacker to assume a `nixbld` identity and interfere with subsequent
|
||
builds running under the same UID.
|
||
|
||
To prevent this issue, Nix now disallows builders to create setuid and
|
||
setgid binaries. On Linux, this is done using a seccomp BPF filter. Note
|
||
that this imposes a small performance penalty (e.g. 1% when building GNU
|
||
Hello). Using seccomp, we now also prevent the creation of extended
|
||
attributes and POSIX ACLs since these cannot be represented in the NAR
|
||
format and (in the case of POSIX ACLs) allow bypassing regular Nix store
|
||
permissions. On macOS, the restriction is implemented using the existing
|
||
sandbox mechanism, which now uses a minimal “allow all except the
|
||
creation of setuid/setgid binaries” profile when regular sandboxing is
|
||
disabled. On other platforms, the “build user” mechanism is now
|
||
disabled.
|
||
|
||
Thanks go to Linus Heckemann for discovering and reporting this bug.
|