mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-22 05:56:15 +02:00
Add release notes
parent
65b79c52c6
commit
cd9baa1809
1 changed files with 14 additions and 0 deletions
14
doc/manual/rl-next/fod-sandbox-escape.md
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
synopsis: Fix a FOD sandbox escape
|
||||||
|
issues:
|
||||||
|
prs:
|
||||||
|
---
|
||||||
|
|
||||||
|
Cooperating Nix derivations could send file descriptors to files in the Nix
|
||||||
|
store to each other via Unix domain sockets in the abstract namespace. This
|
||||||
|
allowed one derivation to modify the output of the other derivation, after Nix
|
||||||
|
has registered the path as "valid" and immutable in the Nix database.
|
||||||
|
In particular, this allowed the output of fixed-output derivations to be
|
||||||
|
modified from their expected content.
|
||||||
|
|
||||||
|
This isn't the case any more.
|
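Review bot: the `issues:` and `prs:` keys in the front matter are left empty, so the rendered release note will link to neither the report nor the fix; fill them in, or drop the keys if there is nothing public to reference. The closing sentence "This isn't the case any more." also does not say what changed: one sentence naming what now prevents builds from passing file descriptors over abstract-namespace Unix domain sockets would let readers judge whether their configuration is covered. Minor wording point in the first paragraph: "after Nix has registered the path" should read "had registered" to agree with "allowed".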