diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index bb5c057be..7905cf4eb 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -11,6 +11,7 @@ with import ; ./editor/vim.nix ./binary-cache/nixos.nix ./minimal.nix + ./security/hotfix.nix ]; # users are super important diff --git a/makefu/2configs/security/hotfix.nix b/makefu/2configs/security/hotfix.nix new file mode 100644 index 000000000..fc52f21e6 --- /dev/null +++ b/makefu/2configs/security/hotfix.nix @@ -0,0 +1,4 @@ +{ pkgs, lib,... }: { + # https://github.com/berdav/CVE-2021-4034 + security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" ""); +}