From a1a20603173615557696c9af2db7a04f9986c7f6 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 26 Jan 2022 18:02:35 +0100 Subject: [PATCH] ma: apply CVE-2021-4034 hotfix --- 2configs/default.nix | 1 + 2configs/security/hotfix.nix | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 2configs/security/hotfix.nix diff --git a/2configs/default.nix b/2configs/default.nix index bb5c057..7905cf4 100644 --- a/2configs/default.nix +++ b/2configs/default.nix @@ -11,6 +11,7 @@ with import ; ./editor/vim.nix ./binary-cache/nixos.nix ./minimal.nix + ./security/hotfix.nix ]; # users are super important diff --git a/2configs/security/hotfix.nix b/2configs/security/hotfix.nix new file mode 100644 index 0000000..fc52f21 --- /dev/null +++ b/2configs/security/hotfix.nix @@ -0,0 +1,4 @@ +{ pkgs, lib,... }: { + # https://github.com/berdav/CVE-2021-4034 + security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" ""); +}