From b749315dc7db653d1f077e775eab28d206a029a4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 26 Jan 2022 12:17:04 +0100
Subject: l: workaround for CVE-2021-4034

---
 lass/2configs/security-workarounds.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lass')

diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
index 537c8a59..4b0d4867 100644
--- a/lass/2configs/security-workarounds.nix
+++ b/lass/2configs/security-workarounds.nix
@@ -1,8 +1,10 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 with import <stockholm/lib>;
 {
   # http://seclists.org/oss-sec/2017/q1/471
   boot.extraModprobeConfig = ''
     install dccp /run/current-system/sw/bin/false
   '';
+
+  security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
 }
-- 
cgit v1.2.3