From 14e797325e2b0b99b42332868eea10bebe5390f0 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 26 Jan 2022 18:02:35 +0100 Subject: ma: apply CVE-2021-4034 hotfix --- makefu/2configs/default.nix | 1 + makefu/2configs/security/hotfix.nix | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 makefu/2configs/security/hotfix.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index bb5c057be..7905cf4eb 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -11,6 +11,7 @@ with import ; ./editor/vim.nix ./binary-cache/nixos.nix ./minimal.nix + ./security/hotfix.nix ]; # users are super important diff --git a/makefu/2configs/security/hotfix.nix b/makefu/2configs/security/hotfix.nix new file mode 100644 index 000000000..fc52f21e6 --- /dev/null +++ b/makefu/2configs/security/hotfix.nix @@ -0,0 +1,4 @@ +{ pkgs, lib,... }: { + # https://github.com/berdav/CVE-2021-4034 + security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" ""); +} -- cgit v1.2.3