c0bw3b_ has quit [Remote host closed the connection]
pie___ has joined #nixos-security
pie__ has quit [Ping timeout: 268 seconds]
pie___ has quit [Quit: Leaving]
guaraqe has joined #nixos-security
__Sander__ has joined #nixos-security
qyliss has joined #nixos-security
c0bw3b_ has joined #nixos-security
<
ekleog>
… wait, isn't that a local root?
<
ekleog>
(userns, all that)
* ekleog
can't investigate right now, but…
<
pietranera>
yes, that was posted by uset tv
<
pietranera>
/s/uset/user
<
gchristensen>
yay tv!
<
pietranera>
would it be worth opening an issue on nixpkgs to track the update of polkit?
<
flokli>
pietranera: so far, subscribed to the fdo issue
c0bw3b_ has quit [Remote host closed the connection]
guaraqe has quit [Ping timeout: 268 seconds]
pietranera has quit [Ping timeout: 250 seconds]
guaraqe has joined #nixos-security
pietranera has joined #nixos-security
<
pietranera>
re polkit bug, it might be worth to rebuild polkit with the patch in the commit that mitigates the vuln?
<
gchristensen>
not sure, it seems like a pretty low risk issue
<
gchristensen>
you need to be root to exploit it
<
gchristensen>
or am I wrong, and there is a way to get that uid without having root?
<
pietranera>
IIRC The bug can be exploted by a user whose uid/gid is larger than max int
<
pietranera>
I guess that NixOs has a lower chance to get "random" packages installed...
<
gchristensen>
installing packages doesn't get you a uid, you have to enable a service in the configuration.nix, and nixos-rebuild switch
<
pietranera>
my bad, I meand services
<
pietranera>
/s/meand/meant
<
gchristensen>
yeah
<
gchristensen>
I'm not -1 on the idea of patching now, but also I don't feel the need to rush
<
pietranera>
agree (FWIW)
<
gchristensen>
cool
<
pietranera>
and BTW thank you all for the work on NixOs AND security that you're putting together :)
__Sander__ has quit [Quit: Konversation terminated!]
guaraqe has quit [Remote host closed the connection]
pietranera has quit [Quit: Leaving.]