From 76668334958011b69747d5e09691cf21703938cc Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 26 Jan 2022 13:11:06 +0100 Subject: move security-workarounds to krebs and cleanup --- krebs/2configs/default.nix | 1 + krebs/2configs/security-workarounds.nix | 6 ++++++ lass/2configs/default.nix | 2 +- lass/2configs/security-workarounds.nix | 10 ---------- 4 files changed, 8 insertions(+), 11 deletions(-) create mode 100644 krebs/2configs/security-workarounds.nix delete mode 100644 lass/2configs/security-workarounds.nix diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 9200d41f..38d77031 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -4,6 +4,7 @@ with import ; { imports = [ ./backup.nix + ./security-workarounds.nix ]; krebs.announce-activation.enable = true; krebs.enable = true; diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix new file mode 100644 index 00000000..27d1f848 --- /dev/null +++ b/krebs/2configs/security-workarounds.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: +with import ; +{ + # https://github.com/berdav/CVE-2021-4034 + security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" ""); +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index dc97719a..e2163b68 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -8,7 +8,7 @@ with import ; ./vim.nix ./zsh.nix ./htop.nix - ./security-workarounds.nix + ./wiregrill.nix { users.extraUsers = diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix deleted file mode 100644 index 4b0d4867..00000000 --- a/lass/2configs/security-workarounds.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; -{ - # http://seclists.org/oss-sec/2017/q1/471 - boot.extraModprobeConfig = '' - install dccp /run/current-system/sw/bin/false - ''; - - security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" ""); -} -- cgit v1.2.3