ma: apply CVE-2021-4034 hotfix

author: makefu <github@syntax-fehler.de> 2022-01-26 18:02:35 +0100
committer: makefu <github@syntax-fehler.de> 2022-01-26 18:02:39 +0100
commit: 14e797325e2b0b99b42332868eea10bebe5390f0 (patch)
tree: c19666215b2f4e1ed4281faf0c22f9c963053ff9
parent: 54aaf5af8ed4d62a2e6645b7ca662ffac310e86c (diff)
2 files changed, 5 insertions, 0 deletions
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index bb5c057be..7905cf4eb 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -11,6 +11,7 @@ with import <stockholm/lib>;
     ./editor/vim.nix
     ./binary-cache/nixos.nix
     ./minimal.nix
+    ./security/hotfix.nix
   ];
 
   # users are super important
diff --git a/makefu/2configs/security/hotfix.nix b/makefu/2configs/security/hotfix.nix
new file mode 100644
index 000000000..fc52f21e6
--- /dev/null
+++ b/makefu/2configs/security/hotfix.nix
@@ -0,0 +1,4 @@
+{ pkgs, lib,... }: {
+  # https://github.com/berdav/CVE-2021-4034
+  security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
+}
author	makefu <github@syntax-fehler.de>	2022-01-26 18:02:35 +0100
committer	makefu <github@syntax-fehler.de>	2022-01-26 18:02:39 +0100
commit	14e797325e2b0b99b42332868eea10bebe5390f0 (patch)
tree	c19666215b2f4e1ed4281faf0c22f9c963053ff9
parent	54aaf5af8ed4d62a2e6645b7ca662ffac310e86c (diff)