We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;.
Reserved 2025-04-08 | Published 2025-04-15 | Updated 2025-04-15 | Assigner GitHub_MCWE-378: Creation of Temporary File With Insecure Permissions
CWE-379: Creation of Temporary File in Directory with Insecure Permissions
github.com/...ixpkgs/security/advisories/GHSA-m7pq-h9p4-8rr4
github.com/...ommit/b17590193d8e5697000c23c66afcf11e1753734d
github.com/...ommit/fbf76bf72b161b9f4ab97704a8258776d5f3ffba
Support options