alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
nixpkgs/nixos/modules
History
Jörg Thalheim 731917a800
cups: mount private /tmp 
printer driver and wrapper are often not written with security in mind.

While reviewing https://github.com/NixOS/nixpkgs/pull/25654 I found
a symlink-race vulnerability within the wrapper code, when writing
unique files in /tmp.
I expect this script to be reused in other models as well
as similar vulnerabilities in the code of other vendors. Therefore
I propose to make /tmp of cups.service private so that only processes
with the same privileges are able to access these files.
2017-05-10 18:03:42 +01:00
..
config environment.profileRelativeEnvVars: remove sbin from example 2017-05-09 08:51:04 +01:00
hardware hardware.enableRedistributableFirmware: fix spelling error 2017-05-09 20:13:15 +01:00
i18n/input-method Remove top-level kde5 attribute 2017-02-27 11:49:10 -06:00
installer Merge pull request #25611 from Lassulus/copytoram-option 2017-05-09 22:36:59 +01:00
misc Merge branch 'master' into clickhouse 2017-05-01 07:33:31 +02:00
profiles hardware.enableRedistributableFirmware: fix spelling error 2017-05-09 20:13:15 +01:00
programs environment: remove sbin from PATH 2017-05-06 08:39:27 +01:00
security nixos/lock-kernel-modules: fix typo in unitConfig 2017-04-30 15:17:29 +02:00
services cups: mount private /tmp 2017-05-10 18:03:42 +01:00
system systemd-boot: sync efi filesystem after update 2017-05-09 19:06:27 +01:00
tasks zfs: zed service is now called zfs-zed 2017-05-07 10:22:14 +01:00
testing kdm: drop service 2017-02-11 13:55:09 -05:00
virtualisation Merge pull request #25397 from clefru/qemu-OVMF-on-channels 2017-05-09 16:36:45 +08:00
module-list.nix Add salt master module (#25632) 2017-05-09 18:20:35 +01:00
rename.nix zsh-syntax-highlighting: Add more configuration options and move to module (#25153) 2017-04-23 21:17:31 +02:00