#nixos-security on 2021-02-10

2020-11-04 15:50 andi- changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh | Currently supported releases: unstable (master), 20.09, 20.03 (until 27th of November)

00:46 supersandro2000 has quit [Disconnected by services]

00:46 supersandro2000 has joined #nixos-security

00:49 danderson has joined #nixos-security

00:53 rajivr has joined #nixos-security

01:20 <ajs124> way too tempted to paste one of the relevant strings and see who disconnects

01:24 <IdleBot_c2ca5d90> ajs124: as an advertisement for ii, where the _view_ can crash, but the logs still keep being written?

01:25 <IdleBot_c2ca5d90> Properly used OS isolation primitives, such as processes, certainly add value both for security and for stability… (yes, I am writing this through ii)

01:27 <ajs124> No, just because. My own IRC setup actually involves node.js and python, so I can't really judge people there.

01:33 cole-h has quit [Ping timeout: 272 seconds]

02:32 hexa- has quit [Quit: WeeChat 2.9]

02:35 hexa- has joined #nixos-security

03:06 justanotheruser has joined #nixos-security

04:37 hexa- has quit [*.net *.split]

04:38 tokudan has quit [*.net *.split]

04:38 alexbakker has quit [*.net *.split]

04:38 energizer has quit [*.net *.split]

04:38 IdleBot_c2ca5d90 has quit [*.net *.split]

04:42 alexbakker has joined #nixos-security

04:42 tokudan has joined #nixos-security

04:42 hexa- has joined #nixos-security

04:42 energizer has joined #nixos-security

04:42 IdleBot_c2ca5d90 has joined #nixos-security

04:43 hexa- has quit [Max SendQ exceeded]

04:44 hexa- has joined #nixos-security

04:45 bbigras has quit [Ping timeout: 260 seconds]

04:46 kalbasit[m] has quit [Ping timeout: 240 seconds]

04:46 julianst[m] has quit [Ping timeout: 240 seconds]

04:46 thefloweringash has quit [Ping timeout: 244 seconds]

04:46 danielrf[m] has quit [Ping timeout: 260 seconds]

04:46 colemickens has quit [Ping timeout: 260 seconds]

04:48 aanderse has quit [Ping timeout: 240 seconds]

04:48 immae has quit [Ping timeout: 240 seconds]

04:49 Yakulu[m] has quit [Ping timeout: 268 seconds]

04:49 Ox4A6F has quit [Ping timeout: 268 seconds]

04:49 nh2[m] has quit [Ping timeout: 240 seconds]

04:50 cemguresci[m] has quit [Ping timeout: 265 seconds]

05:06 bbigras has joined #nixos-security

05:06 danielrf[m] has joined #nixos-security

05:07 colemickens has joined #nixos-security

05:10 thefloweringash has joined #nixos-security

05:10 kalbasit[m] has joined #nixos-security

05:12 julianst[m] has joined #nixos-security

05:19 cemguresci[m] has joined #nixos-security

05:24 aanderse has joined #nixos-security

05:24 immae has joined #nixos-security

05:24 Ox4A6F has joined #nixos-security

05:24 Yakulu[m] has joined #nixos-security

05:25 nh2[m] has joined #nixos-security

06:43 danderson has quit [Remote host closed the connection]

06:43 danderson has joined #nixos-security

07:02 cole-h has joined #nixos-security

08:06 <eyJhb> ajs124: Dooo it! :D

09:24 cole-h has quit [Ping timeout: 256 seconds]

11:15 c74d has left #nixos-security [#nixos-security]

11:48 star_cloud has quit [Remote host closed the connection]

11:49 star_cloud has joined #nixos-security

11:58 star_cloud has quit [Excess Flood]

12:00 star_cloud has joined #nixos-security

12:49 rosariopulella[m has joined #nixos-security

12:59 SmeefKO has joined #nixos-security

13:00 SmeefKO has quit [Connection closed]

13:07 kamelosoXf has joined #nixos-security

13:07 <kamelosoXf> /!\ this channel has moved to ##hamradio /!\

13:07 <lassulus> I doubt that

13:08 kamelosoXf has quit [Remote host closed the connection]

13:12 Raito_BezariusAX has joined #nixos-security

13:12 <Raito_BezariusAX> /!\ this channel has moved to #nyymit /!\

13:12 trobothamRr has joined #nixos-security

13:12 <trobothamRr> /!\ this channel has moved to #nyymit /!\

13:12 ExaetamH has joined #nixos-security

13:12 <ExaetamH> /!\ this channel has moved to #nyymit /!\

13:12 jorrakayvM has joined #nixos-security

13:12 ExaetamH has quit [Remote host closed the connection]

13:12 <jorrakayvM> /!\ this channel has moved to #nyymit /!\

13:12 trobothamRr has quit [Remote host closed the connection]

13:13 Raito_BezariusAX has quit [Remote host closed the connection]

13:13 jorrakayvM has quit [Remote host closed the connection]

13:14 mlhess has joined #nixos-security

13:14 <mlhess> /!\ this channel has moved to #nyymit /!\

13:15 mlhess has quit [Remote host closed the connection]

13:15 Dworf has joined #nixos-security

13:15 <Dworf> /!\ this channel has moved to #nyymit /!\

13:16 Dworf has quit [Remote host closed the connection]

13:16 DarkMukkeOA has joined #nixos-security

13:16 DarkMukkeOA has quit [Remote host closed the connection]

13:24 <supersandro2000> gchristensen: can we do something about this?

13:28 <raboof> it's all over freenode...

13:36 <supersandro2000> noticed that now too

15:10 <hexa-> https://github.com/facebook/zstd/pull/1644

15:10 <{^_^}> facebook/zstd#1644 (by chungy, 1 year ago, merged): [programs] set chmod 600 after opening destination file

15:11 <hexa-> It was discovered that zstd, a compression utility, temporarily

15:11 <hexa-> exposed a world-readable version of its input even if the original

15:11 <hexa-> file had restrictive permissions.

15:11 <gchristensen> oh GOD

15:13 <eyJhb> Is there any CVE/patch for Screen yet?

15:14 <hexa-> there is tmux, if that helps :p

15:14 <qyliss> hexa-: IT STILL DOES

15:14 <qyliss> just for less time

15:14 <eyJhb> I don's use screen that much, but a patch would show where the actual fault is, and allow fer maybe better exploitation

15:14 <eyJhb> Does tmux crash?

15:15 <hexa-> qyliss: yep

15:15 <hexa-> eyJhb: I don't believe so

15:15 <hexa-> I don't see any activity over here https://git.savannah.gnu.org/cgit/screen.git

15:15 <eyJhb> Same....

15:15 <hexa-> https://security-tracker.debian.org/tracker/CVE-2021-26937

15:16 <eyJhb> So I have two things to do after exam, look at this, and play Minecraft. Yay

15:16 <hexa-> https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00003.html

15:16 <hexa-> no fix yet

15:17 <eyJhb> Uhh, nice :)

15:18 <hexa-> qyliss: oh boy, that issue is from 2019 and only just got a CVE

15:18 <eyJhb> Thanks hexa- :)

15:18 <hexa-> so we're good

15:20 <hexa-> I only just noticed it, because debian sent out an advisory

15:21 <eyJhb> How does the -security part of NixOS work? Just a lot of, hopefully we see all the security related things? Or is there a better process? :)

15:22 <eyJhb> ie. any automation?

15:40 lassulus has quit [Quit: WeeChat 2.9]

15:41 lassulus has joined #nixos-security

15:50 Reventlov has joined #nixos-security

17:28 <ajs124> ckauhaus: has some automation to open issues for CVEs, but handling/fixing them seems largely manual.

17:28 <ajs124> eyJhb: ^

17:58 rajivr has quit [Quit: Connection closed for inactivity]

18:37 cole-h has joined #nixos-security

19:08 red[evilred] has joined #nixos-security

19:08 <red[evilred]> Slightly off-topic but not really...

19:09 <red[evilred]> has anyone built something like a NixOS configuration for a VM-based browser

19:09 <red[evilred]> ie, have the browser run with minimal OS underneath

19:10 <gchristensen> maybe tito

19:10 <red[evilred]> (as a side-comment, I just rented hardware in a colo so I need to become intimately aquianted with how NixOS works with headless virtual machines too)

19:10 <red[evilred]> is tito a person or a project?

19:10 <red[evilred]> sorry - don't recognize the name

19:10 <gchristensen> person

19:42 <Ox4A6F> Do we have people on this list? https://oss-security.openwall.org/wiki/mailing-lists/distros

19:44 <gchristensen> not acting in the capacity of NixOS

21:01 <IdleBot_c2ca5d90> You want specifically VM? I have some things for running Firefox in an nsjail (with pretty little inside, except bind-mounted store)

22:17 lejonet has quit [Ping timeout: 260 seconds]

22:46 red[evilred] has quit [Quit: Idle timeout reached: 10800s]