wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-07 10:11:47 +02:00
Code Activity

Add release notes

Browse source 
Co-authored-by: Theophane Hufschmitt <theophane.hufschmitt@tweag.io>
This commit is contained in:
Tom Bereknyei 2024-03-01 04:01:23 -05:00 committed by Théophane Hufschmitt
parent 4bc5a3510f
commit 9e7065bef5
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
doc/manual/src/release-notes/rl-next.md
View file

@ -1 +1,9 @@
# Release X.Y (202?-??-??) # Release X.Y (202?-??-??)
- Fix a FOD sandbox escape:
Cooperating Nix derivations could send file descriptors to files in the Nix
store to each other via Unix domain sockets in the abstract namespace. This
allowed one derivation to modify the output of the other derivation, after Nix
has registered the path as "valid" and immutable in the Nix database.
In particular, this allowed the output of fixed-output derivations to be
modified from their expected content. This isn't the case any more.