Risk of local privilege escalation via setuid programs

Ludovic Courtès — 2021-02- 9

On Guix System, setuid programs were, until now, installed as setuid-root and setgid-root (in the /run/setuid-programs directory). However, most of these programs are meant to run as setuid-root, but not setgid-root. Thus, this setting posed a risk of local privilege escalation (users of Guix on a “foreign distro” are unaffected).

This bug has been fixed and users are advised to upgrade their system, with commands along the lines of:

guix pull
sudo guix system reconfigure /run/current-system/configuration.scm

This issue is tracked as bug #46305; you can read the thread for more information. There are no known exploitation of this issue to date. Many thanks to Duncan Overbruck for reporting it.

Please report any issues you may have to guix-devel@gnu.org. See the security web page for information on how to report security issues.

About GNU Guix

GNU Guix is a transactional package manager and an advanced distribution of the GNU system that respects user freedom. Guix can be used on top of any system running the Hurd or the Linux kernel, or it can be used as a standalone operating system distribution for i686, x86_64, ARMv7, and AArch64 machines.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. When used as a standalone GNU/Linux distribution, Guix offers a declarative, stateless approach to operating system configuration management. Guix is highly customizable and hackable through Guile programming interfaces and extensions to the Scheme language.