c0bw3b_ has quit [Remote host closed the connection]
pie___ has joined #nixos-security
pie__ has quit [Ping timeout: 268 seconds]
pie___ has quit [Quit: Leaving]
guaraqe has joined #nixos-security
__Sander__ has joined #nixos-security
qyliss has joined #nixos-security
c0bw3b_ has joined #nixos-security
<gchristensen> https://gitlab.freedesktop.org/polkit/polkit/issues/74 NixOS used in discovering pretty weird polkit bug
<LnL> :/
<ekleog> … wait, isn't that a local root?
<ekleog> (userns, all that)
* ekleog can't investigate right now, but…
<pietranera> yes, that was posted by uset tv
<pietranera> /s/uset/user
<gchristensen> yay tv!
<pietranera> would it be worth opening an issue on nixpkgs to track the update of polkit?
<flokli> pietranera: so far, subscribed to the fdo issue
c0bw3b_ has quit [Remote host closed the connection]
guaraqe has quit [Ping timeout: 268 seconds]
pietranera has quit [Ping timeout: 250 seconds]
guaraqe has joined #nixos-security
pietranera has joined #nixos-security
<pietranera> re polkit bug, it might be worth to rebuild polkit with the patch in the commit that mitigates the vuln?
<gchristensen> not sure, it seems like a pretty low risk issue
<gchristensen> you need to be root to exploit it
<gchristensen> or am I wrong, and there is a way to get that uid without having root?
<pietranera> IIRC The bug can be exploted by a user whose uid/gid is larger than max int
<pietranera> I guess that NixOs has a lower chance to get "random" packages installed...
<gchristensen> installing packages doesn't get you a uid, you have to enable a service in the configuration.nix, and nixos-rebuild switch
<pietranera> my bad, I meand services
<pietranera> /s/meand/meant
<gchristensen> yeah
<gchristensen> I'm not -1 on the idea of patching now, but also I don't feel the need to rush
<pietranera> agree (FWIW)
<gchristensen> cool
<pietranera> and BTW thank you all for the work on NixOs AND security that you're putting together :)
__Sander__ has quit [Quit: Konversation terminated!]
guaraqe has quit [Remote host closed the connection]
pietranera has quit [Quit: Leaving.]