Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nix allows macOS sandbox escape via built-in builders
Vulnerability Description
Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to users with `import <nix/fetchurl.nix>`) were not executed in the macOS sandbox. Thus, these builders (which are running under the `nixbld*` users) had read access to world-readable paths and write access to world-writable paths outside of the sandbox. This issue is fixed in 2.18.9, 2.19.7, 2.20.9, 2.21.5, 2.22.4, 2.23.4, and 2.24.10. Note that sandboxing is not enabled by default on macOS. The Nix sandbox is not primarily intended as a security mechanism, but as an aid to improve reproducibility and purity of Nix builds. However, sandboxing *can* mitigate the impact of other security issues by limiting what parts of the host system a build has access to.
CVSS Information
N/A
Vulnerability Type
保护机制失效
Vulnerability Title
Nix 安全漏洞
Vulnerability Description
Nix是Nix开源的一个强大的包管理器。用于制作包。 Nix存在安全漏洞,该漏洞源于macOS上内置构建器未在macOS沙箱中执行,导致这些构建器能够访问沙箱外部的全局可读路径和全局可写路径。
CVSS Information
N/A
Vulnerability Type
N/A