gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
a1a855502e16384da89883bbd58a64cf113894de
nixpkgs/nixos/modules/security
T
History
edef 09325d24b6 nixos/security/wrappers: use musl rather than glibc and explicitly unset insecure env vars 
This mitigates CVE-2023-4911, crucially without a mass-rebuild.

We drop insecure environment variables explicitly, including
glibc-specific ones, since musl doesn't do this by default.

Change-Id: I591a817e6d4575243937d9ccab51c23a96bed6f9
2023-10-05 22:04:05 +00:00
..
acme
nixos/acme: rename option credentialsFile to environmentFile
2023-09-11 16:34:20 +00:00
apparmor
nixos/apparmor: support custom i18n glibc locales
2023-07-12 21:38:31 +02:00
wrappers
nixos/security/wrappers: use musl rather than glibc and explicitly unset insecure env vars
2023-10-05 22:04:05 +00:00
apparmor.nix
audit.nix
auditd.nix
ca.nix
nixos/qemu-vm: use CA certificates from host
2023-07-06 21:32:08 +10:00
chromium-suid-sandbox.nix
dhparams.nix
doas.nix
doas: refactor config generation
2023-03-17 09:05:08 -07:00
duosec.nix
google_oslogin.nix
ipa.nix
treewide: stop using types.string
2023-08-08 21:31:21 +08:00
lock-kernel-modules.nix
treewide: use optional instead of 'then []'
2023-06-25 09:11:40 -03:00
misc.nix
oath.nix
pam_mount.nix
nixos/pam_mount: fix mounts without options (#234026)
2023-05-25 22:45:59 +02:00
pam_usb.nix
pam.nix
nixos/pam: fix typo in fscrypt enable option
2023-09-11 12:06:39 +02:00
please.nix
polkit.nix
Revert "nixos/polkit: guard static gid for polkituser behind state version"
2023-02-25 22:32:16 -05:00
rngd.nix
rtkit.nix
sudo-rs.nix
nixos/sudo-rs: add crossCompile 'fix'
2023-09-22 15:14:14 +02:00
sudo.nix
nixos/sudo: revert sudo-rs 922926cfbc (partial #253876)
2023-09-22 15:13:56 +02:00
systemd-confinement.nix
tpm2.nix
nixos/tpm2: fix typo
2023-05-09 18:02:17 +04:00