alipSymbolic links bite again! This time it's #NixOS did you know #sydbox has trace/force_no_symlinks and trace/force_no_magiclinks options to disable following symlinks/magiclinks? You can even change them at runtime to achieve #pledge like confinement: https://discourse.nixos.org/t/nix-security-advisory-privilege-escalation-via-symlink-following-during-fod-output-registration/76900 #nix #linux #security
Nix security advisory: Privilege escalation via symlink following during FOD output registration
Summary Nix daemon is vulnerable to arbitrary file overwrites as the daemon user (root on NixOS and in multi-user installations). The issue is identified as GHSA-g3g9-5vj6-r3gj with CVE assignment pending. All users allowed to submit builds to the Nix daemon (allowed-users, everyone by default) can achieve arbitrary file writes as root and subsequent privilege escalation. Am I affected? All Nix versions since 2.21 and patch releases >=2.18.2,>=2.19.4,>=2.20.5 prior to 2.34.5, 2.33.4, 2.32.7, 2...