The NixOS project has disclosed a critical privilege escalation vulnerability in the Nix package manager daemon. The flaw stems from a buggy fix for CVE-2024-27297 and allows arbitrary file overwrites by following symlinks during fixed-output derivation output registration. On multi-user Linux installations, any user permitted to submit builds to the Nix daemon (all users by default) can gain root privileges by manipulating sensitive files. Sandboxed macOS builds are unaffected. All default NixOS configurations and systems building untrusted derivations are impacted.
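As an added illustration of the defensive pattern at issue (this is not the Nix daemon's code and not the upstream fix; the function and error names and the sample output trees are constructed for the example), the following Python shows how a privileged component can register an output tree produced by an unprivileged builder without ever dereferencing a symlink the builder planted: every lookup is made relative to an already-open directory descriptor with `lstat` and `O_NOFOLLOW`, so a symlink is rejected rather than followed, and a check-then-copy race cannot slip one in between two operations.

```python
"""Illustrative example: register an untrusted build output into a store
without following symlinks. Not Nix's implementation."""
import os
import shutil
import stat
import tempfile


class UnsafeOutputError(Exception):
    """The output tree contains an entry we refuse to register."""


def _open_dir(name, dir_fd=None):
    # O_NOFOLLOW makes open() fail (ELOOP) if `name` is a symlink instead of
    # silently following it; O_DIRECTORY rejects anything that is not a directory.
    return os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=dir_fd)


def _copy_tree_no_follow(src_fd, dst, rel=""):
    """Copy the directory open at src_fd into dst, refusing symlinks and special files.

    All lookups are relative to src_fd (dir_fd=...), never to a path string the
    builder controls, so a component swapped for a symlink mid-copy is still caught.
    """
    os.mkdir(dst)
    with os.scandir(src_fd) as it:
        for entry in it:
            rel_path = os.path.join(rel, entry.name)
            st = os.lstat(entry.name, dir_fd=src_fd)  # lstat: does not follow links
            if stat.S_ISLNK(st.st_mode):
                raise UnsafeOutputError(f"symlink in output: {rel_path}")
            if stat.S_ISDIR(st.st_mode):
                sub_fd = _open_dir(entry.name, dir_fd=src_fd)
                try:
                    _copy_tree_no_follow(sub_fd, os.path.join(dst, entry.name), rel_path)
                finally:
                    os.close(sub_fd)
            elif stat.S_ISREG(st.st_mode):
                in_fd = os.open(entry.name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=src_fd)
                with os.fdopen(in_fd, "rb") as fin, \
                        open(os.path.join(dst, entry.name), "wb") as fout:
                    shutil.copyfileobj(fin, fout)
            else:
                # FIFOs, sockets and device nodes have no place in a store path
                raise UnsafeOutputError(f"special file in output: {rel_path}")


def register_output(output_dir, store_path):
    """Register the builder-produced `output_dir` at `store_path`.

    Raises UnsafeOutputError (and leaves no partial store path behind) if the
    tree contains anything other than directories and regular files.
    """
    src_fd = _open_dir(output_dir)  # refuses if output_dir itself is a symlink
    try:
        _copy_tree_no_follow(src_fd, store_path)
    except BaseException:
        shutil.rmtree(store_path, ignore_errors=True)
        raise
    finally:
        os.close(src_fd)
    return store_path


def demo():
    """Constructed scenario: one clean output tree and one containing a symlink
    that points outside the output. Returns (clean_registered, bad_rejected)."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.join(tmp, "outside.txt")  # stands in for a sensitive file
        with open(outside, "w") as f:
            f.write("must never be reached through the output tree\n")
        os.makedirs(os.path.join(tmp, "store"))

        clean = os.path.join(tmp, "clean-out")
        os.makedirs(os.path.join(clean, "bin"))
        with open(os.path.join(clean, "bin", "hello"), "w") as f:
            f.write("#!/bin/sh\necho hello\n")
        store_clean = register_output(clean, os.path.join(tmp, "store", "clean"))
        clean_registered = os.path.isfile(os.path.join(store_clean, "bin", "hello"))

        bad = os.path.join(tmp, "bad-out")
        os.makedirs(bad)
        os.symlink(outside, os.path.join(bad, "link"))
        store_bad = os.path.join(tmp, "store", "bad")
        try:
            register_output(bad, store_bad)
            bad_rejected = False
        except UnsafeOutputError:
            bad_rejected = not os.path.exists(store_bad)
        return clean_registered, bad_rejected


if __name__ == "__main__":
    print(demo())
```

The point of working from directory descriptors rather than validating paths first and then calling something like `shutil.copytree` is that the builder still owns the output tree while the privileged side reads it; a separate validation pass would be a time-of-check/time-of-use window in which a plain entry can be replaced by a symlink to a root-owned file. Refusing symlinks outright is the simplest policy for this example; a store that must preserve symlinks would instead recreate them with `os.symlink` from the `os.readlink` target, never by opening through them.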