Improper POSIX Hard Links in GuixSD: Violation of Security Assumption

Improper POSIX Hard Links in GuixSD: Violation of Security Assumption

CVE-2017-1000455 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:N

GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix.

Learn more about our Web Application Penetration Testing UK.