summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2022-01-26 12:17:04 +0100
committerlassulus <lassulus@lassul.us>2022-01-26 12:17:04 +0100
commitb749315dc7db653d1f077e775eab28d206a029a4 (patch)
treeabfd482916ea16ed81dec32c67e0cdc5dc659a75
parent37a3ec294857d911f98d032a4cd3b69e50ae54ba (diff)
l: workaround for CVE-2021-4034
-rw-r--r--lass/2configs/security-workarounds.nix4
1 files changed, 3 insertions, 1 deletions
diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
index 537c8a59b..4b0d48671 100644
--- a/lass/2configs/security-workarounds.nix
+++ b/lass/2configs/security-workarounds.nix
@@ -1,8 +1,10 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
# http://seclists.org/oss-sec/2017/q1/471
boot.extraModprobeConfig = ''
install dccp /run/current-system/sw/bin/false
'';
+
+ security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
}