dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
4b3012c59f
nixpkgs/nixos/modules/security
History
edef 09325d24b6 nixos/security/wrappers: use musl rather than glibc and explicitly unset insecure env vars 
This mitigates CVE-2023-4911, crucially without a mass-rebuild.

We drop insecure environment variables explicitly, including
glibc-specific ones, since musl doesn't do this by default.

Change-Id: I591a817e6d4575243937d9ccab51c23a96bed6f9
2023-10-05 22:04:05 +00:00
..
acme nixos/acme: rename option credentialsFile to environmentFile 2023-09-11 16:34:20 +00:00
apparmor nixos/apparmor: support custom i18n glibc locales 2023-07-12 21:38:31 +02:00
wrappers nixos/security/wrappers: use musl rather than glibc and explicitly unset insecure env vars 2023-10-05 22:04:05 +00:00
apparmor.nix
audit.nix nixos: fix backticks in Markdown descriptions 2023-01-21 18:08:38 +01:00
auditd.nix
ca.nix nixos/qemu-vm: use CA certificates from host 2023-07-06 21:32:08 +10:00
chromium-suid-sandbox.nix
dhparams.nix
doas.nix doas: refactor config generation 2023-03-17 09:05:08 -07:00
duosec.nix
google_oslogin.nix
ipa.nix treewide: stop using types.string 2023-08-08 21:31:21 +08:00
lock-kernel-modules.nix treewide: use optional instead of 'then []' 2023-06-25 09:11:40 -03:00
misc.nix
oath.nix
pam_mount.nix nixos/pam_mount: fix mounts without options (#234026) 2023-05-25 22:45:59 +02:00
pam_usb.nix
pam.nix nixos/pam: fix typo in fscrypt enable option 2023-09-11 12:06:39 +02:00
please.nix
polkit.nix Revert "nixos/polkit: guard static gid for polkituser behind state version" 2023-02-25 22:32:16 -05:00
rngd.nix
rtkit.nix
sudo-rs.nix nixos/sudo-rs: add crossCompile 'fix' 2023-09-22 15:14:14 +02:00
sudo.nix nixos/sudo: revert sudo-rs 922926cfbc (partial #253876) 2023-09-22 15:13:56 +02:00
systemd-confinement.nix nixos/systemd-confinement: remove unused rootName 2023-01-20 22:39:16 +01:00
tpm2.nix nixos/tpm2: fix typo 2023-05-09 18:02:17 +04:00