CVE-2021-27851

Name of the Vulnerable Software and Affected Versions: guix-daemon versions prior to v1.2.0-75109-g94f0312546 guix-daemon versions v0.11.0-3298-g2608e40988 and later

Description: A security issue has been discovered that can lead to local privilege escalation. It affects multi-user setups where guix-daemon runs locally. The attack involves an unprivileged user creating a build process, making its build directory world-writable, and then creating a hardlink to a root-owned file, such as /etc/shadow, in that directory. If the build fails and the --keep-failed option is used, the daemon changes ownership of the build tree, including the hardlink, to the user, granting them write access to the target file.

Recommendations: For versions prior to v1.2.0-75109-g94f0312546, update to a version that includes the fix for this issue. For versions v0.11.0-3298-g2608e40988 and later, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the guix build command with the --keep-failed option to prevent potential exploitation.