mirror of
https://github.com/NixOS/nix
synced 2024-10-18 14:32:45 -04:00
746 B
746 B
synopsis | significance | issues |
---|---|---|
Harden the user sandboxing | significant |
The build directory has been hardened against interference with the outside world by nesting it inside another directory owned by (and only readable by) the daemon user.
This is a low severity security fix, CVE-2024-38531, that was handled through the GitHub Security Advisories interface, and hence was merged directly in commit 2dd7f8f42 instead of a PR.
Credit: @alois31, Linus Heckemann (@lheckemann) Co-authors: @edolstra