nix-super/doc/manual/rl-next/harden-user-sandboxing.md
2024-07-25 05:57:06 +02:00


| synopsis | significance | issues |
|---|---|---|
| Harden the user sandboxing | significant | |

The build directory has been hardened against interference with the outside world by nesting it inside another directory owned by (and only readable by) the daemon user.

This is a low severity security fix, CVE-2024-38531, that was handled through the GitHub Security Advisories interface, and hence was merged directly in commit 2dd7f8f42 instead of a PR.

Credit: @alois31, Linus Heckemann (@lheckemann)

Co-authors: @edolstra
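The nested layout described in this note can be audited with `stat` alone, because reaching the build directory requires search permission on every directory above it. The following is an added example, not code from Nix: the function names, the temporary paths and the use of the current user as a stand-in for the daemon user are assumptions made for the illustration.

```python
import os
import shutil
import stat
import tempfile


def make_nested_build_dir(root):
    """Create <root>/<random>/build; only the outer directory must stay private."""
    outer = tempfile.mkdtemp(prefix="outer-", dir=root)
    os.chmod(outer, 0o700)  # owner-only, regardless of umask
    inner = os.path.join(outer, "build")
    os.mkdir(inner)
    return inner


def audit_build_dir(build_dir, daemon_uid):
    """Return findings about the directory that contains build_dir (empty = OK)."""
    parent = os.path.dirname(os.path.abspath(build_dir))
    st = os.lstat(parent)  # lstat: a symlinked parent must not pass as a directory
    if not stat.S_ISDIR(st.st_mode):
        return [f"{parent}: not a directory"]
    findings = []
    if st.st_uid != daemon_uid:
        findings.append(f"{parent}: owned by uid {st.st_uid}, expected {daemon_uid}")
    extra = stat.S_IMODE(st.st_mode) & 0o077
    if extra:
        findings.append(f"{parent}: group/other permission bits set ({extra:03o})")
    return findings


def demo():
    """Audit a nested and a flat layout under a constructed shared directory."""
    uid = os.geteuid()  # stand-in for the daemon user (assumption)
    root = tempfile.mkdtemp(prefix="shared-")
    try:
        os.chmod(root, 0o755)  # readable and searchable by everyone
        nested = make_nested_build_dir(root)
        os.chmod(nested, 0o777)  # inner mode loosened; the outer one still gates access
        flat = os.path.join(root, "build-flat")
        os.mkdir(flat, 0o700)  # no private parent: sits directly in the shared dir
        return audit_build_dir(nested, uid), audit_build_dir(flat, uid)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    nested_findings, flat_findings = demo()
    print("nested:", nested_findings or "ok")
    print("flat:  ", flat_findings or "ok")
```

The nested layout passes even after the inner directory is made world-accessible, while the flat layout is flagged because its parent is searchable by other users.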