-
## Issue description
Looks like the latest Nix (1.11.10) has security improvements that limit various permissions/ownership actions during a build.
While some of these have been fixed (https://g…
-
I was trying to implement a script that temporarily mounts a filesystem using unionfs. My problem with this is that I cannot find a method to reliably unmount this filesystem (from the same script) af…
-
While working on , I realized that flatpak's system helper could write root-owned suid binaries.
Breaking https://github.com/flatpak/flatpak/pull/837 out into an issue, since I think we need to do …
-
I'm running Funtoo with Firefox 54 and Firejail 0.9.46. Since I don't like PulseAudio, I installed apulse to make the sound work via ALSA instead. The only problem is that I get no sound if I run Fire…
-
With a bare repository this is not an issue, but with bare-user and user mode checkouts, my expectation is that permissions are not munged; only file ownership is left to the active user.
This test c…
-
Here is a report from the oss-security mailing list for [Vulnerability Roundup 27](https://github.com/NixOS/nixpkgs/issues/24319).
# Instructions:
## Identificati…
-
I thought I'd leave a little note here about an easy way to make jailed applications work with Tor when they don't have proxy options and don't respect `HTTP_PROXY` and its variants. You will need a p…
-
Rough summary:
- itch launches native games
- native games have full access to the filesystem etc.
- the filesystem might contain stuff we don't want games to access, such as
  - credentials
  - perso…
-
From reading the source code, env override is disabled for suid binaries [on this line](https://github.com/KhronosGroup/Vulkan-LoaderAndValidationLayers/blob/master/loader/loader.c#L2621) but this does…
-
Hey,
first of all thanks for the work and this great software.
I use Arch Linux with all packages up to date. Lynis worked correctly until version 2.6.0. Version 2.6.1 gives a lot of errors.
…