l: workaround for CVE-2021-4034

2022-01-26 12:17:04 +01:00 · 2022-01-26 12:17:04 +01:00 · b749315dc7
commit b749315dc7
parent 37a3ec2948
1 changed files with 3 additions and 1 deletions
--- a/lass/2configs/security-workarounds.nix
+++ b/lass/2configs/security-workarounds.nix
@ -1,8 +1,10 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 with import <stockholm/lib>;
 {
  # http://seclists.org/oss-sec/2017/q1/471
  boot.extraModprobeConfig = ''
    install dccp /run/current-system/sw/bin/false
  '';
+
+  security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
 }