On Sat, 2021-04-03 at 18:26 +0200, Maxime Devos wrote: > A suggested blog post is attached. A revised blog post is attached. The following points are currently _not_ addressed: Ludovic Courtès wrote: > Also… in this paragraph, it’s not entirely clear which user we’re > talking about it. In news.scm, I reworded it like so: > The attack can happen when @command{guix system reconfigure} is running. > Running @command{guix system reconfigure} can trigger the creation of new user > accounts if the configuration specifies new accounts. If a user whose account > is being created manages to log in after the account has been created but > before ``skeleton files'' copied to its home directory have the right > ownership, they may, by creating an appropriately-named symbolic link in the > home directory pointing to a sensitive file, such as @file{/etc/shadow}, get > root privileges. > > It may also be worth mentioning that the user is likely unable to log in > at all at that point, as I wrote here: I can't think of something along these lines to write at the moment ... Greetings, Maxime.