nixpkgs/nixos/modules/security
edef 09325d24b6 nixos/security/wrappers: use musl rather than glibc and explicitly unset insecure env vars
This mitigates CVE-2023-4911, crucially without a mass-rebuild.

We drop insecure environment variables explicitly, including
glibc-specific ones, since musl doesn't do this by default.

Change-Id: I591a817e6d4575243937d9ccab51c23a96bed6f9
2023-10-05 22:04:05 +00:00
..
acme nixos/acme: rename option credentialsFile to environmentFile 2023-09-11 16:34:20 +00:00
apparmor nixos/apparmor: support custom i18n glibc locales 2023-07-12 21:38:31 +02:00
wrappers nixos/security/wrappers: use musl rather than glibc and explicitly unset insecure env vars 2023-10-05 22:04:05 +00:00
apparmor.nix nixos: fix typos 2022-12-17 19:31:14 -05:00
audit.nix nixos: fix backticks in Markdown descriptions 2023-01-21 18:08:38 +01:00
auditd.nix nixos/*: automatically convert option descriptions 2022-08-31 16:32:53 +02:00
ca.nix nixos/qemu-vm: use CA certificates from host 2023-07-06 21:32:08 +10:00
chromium-suid-sandbox.nix treewide: automatically md-convert option descriptions 2022-07-30 15:16:34 +02:00
dhparams.nix nixos/*: convert options with admonitions to MD 2022-08-31 16:36:16 +02:00
doas.nix doas: refactor config generation 2023-03-17 09:05:08 -07:00
duosec.nix treewide: automatically md-convert option descriptions 2022-07-30 15:16:34 +02:00
google_oslogin.nix treewide: automatically md-convert option descriptions 2022-07-30 15:16:34 +02:00
ipa.nix treewide: stop using types.string 2023-08-08 21:31:21 +08:00
lock-kernel-modules.nix treewide: use optional instead of 'then []' 2023-06-25 09:11:40 -03:00
misc.nix nixos/*: convert varlist-using options to MD 2022-08-31 16:32:53 +02:00
oath.nix treewide: automatically md-convert option descriptions 2022-07-30 15:16:34 +02:00
pam_mount.nix nixos/pam_mount: fix mounts without options (#234026) 2023-05-25 22:45:59 +02:00
pam_usb.nix nixos/*: automatically convert option docs to MD 2022-08-03 22:46:41 +02:00
pam.nix nixos/pam: fix typo in fscrypt enable option 2023-09-11 12:06:39 +02:00
please.nix nixos/please: init module 2022-10-15 07:05:10 -07:00
polkit.nix Revert "nixos/polkit: guard static gid for polkituser behind state version" 2023-02-25 22:32:16 -05:00
rngd.nix
rtkit.nix treewide: automatically md-convert option descriptions 2022-07-30 15:16:34 +02:00
sudo-rs.nix nixos/sudo-rs: add crossCompile 'fix' 2023-09-22 15:14:14 +02:00
sudo.nix nixos/sudo: revert sudo-rs 922926cfbc (partial #253876) 2023-09-22 15:13:56 +02:00
systemd-confinement.nix nixos/systemd-confinement: remove unused rootName 2023-01-20 22:39:16 +01:00
tpm2.nix nixos/tpm2: fix typo 2023-05-09 18:02:17 +04:00