From 14e797325e2b0b99b42332868eea10bebe5390f0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 26 Jan 2022 18:02:35 +0100
Subject: ma: apply CVE-2021-4034 hotfix

---
 makefu/2configs/default.nix         | 1 +
 makefu/2configs/security/hotfix.nix | 4 ++++
 2 files changed, 5 insertions(+)
 create mode 100644 makefu/2configs/security/hotfix.nix

(limited to 'makefu/2configs')

diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index bb5c057b..7905cf4e 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -11,6 +11,7 @@ with import <stockholm/lib>;
     ./editor/vim.nix
     ./binary-cache/nixos.nix
     ./minimal.nix
+    ./security/hotfix.nix
   ];
 
   # users are super important
diff --git a/makefu/2configs/security/hotfix.nix b/makefu/2configs/security/hotfix.nix
new file mode 100644
index 00000000..fc52f21e
--- /dev/null
+++ b/makefu/2configs/security/hotfix.nix
@@ -0,0 +1,4 @@
+{ pkgs, lib,... }: {
+  # https://github.com/berdav/CVE-2021-4034
+  security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
+}
-- 
cgit v1.2.3