GNU Guix Vulnerabilities Enable Remote Privilege Escalation and Data Corruption
Four critical vulnerabilities in GNU Guix's package substitution and channel management features allow for remote privilege escalation, data corruption, and local file disclosure.

Four significant security vulnerabilities have been disclosed in the GNU Guix package manager, impacting its mechanisms for handling binary package substitutes and managing software channels. These flaws, detailed by the Guix development team, create opportunities for remote attackers to escalate privileges, corrupt stored data, and potentially access sensitive files readable by the Guix build daemon.
The most severe issues lie within the guix substitute utility. One critical flaw in the restore-file procedure allows for arbitrary file overwrites. Previously, Guix would extract downloaded binary substitutes before their full hash verification was complete. An attacker controlling a substitute server, or intercepting traffic, could deliver a malicious archive that, upon extraction, writes files to locations accessible by the daemon user. This exploit is possible even without compromising official Guix servers, as any configured substitute server can be weaponized. The vulnerability is exacerbated by the fact that the metadata fetching process did not securely bind the substitute download URL to signed metadata, making HTTPS alone insufficient protection.
A second vulnerability in guix substitute allows a malicious server to provide legitimate metadata for one package while serving the binary for a different, potentially malicious or outdated, package. This could trick the package manager into installing unintended software, including older, insecure versions, thereby undermining system integrity and security.
The third guix substitute vulnerability involves the handling of file:// URLs. If a local client can access the guix-daemon socket, it can instruct the daemon to read files using local file URIs. An error during the parsing of the narinfo metadata for such a file could lead to its contents being exposed in an error backtrace returned to the client, potentially revealing secrets accessible to the daemon account.
Separately, the guix pull and guix time-machine commands are affected by a path traversal vulnerability within their channel authentication caching mechanism. An attacker who controls a channel file could craft a channel name to create or overwrite files writable by the user running the command. While the project assesses the most likely impact as denial-of-service, the potential for further abuse in specific environments exists.
These vulnerabilities affect Guix systems regardless of whether the guix-daemon runs with root privileges. However, the impact is significantly amplified on systems where the daemon operates as root, as an attacker could potentially overwrite critical system files like /etc/passwd or install malicious software in sensitive directories.
The Guix developers have addressed these issues through a series of commits, with fixes available from commit 897832f374dcdc9eeaf19d01e70b9a92fccfc68c onwards. Users and administrators are advised to upgrade their guix and guix-daemon installations promptly. As a temporary mitigation, especially on exposed systems, administrators might consider using the --no-substitutes flag during upgrades, though this increases the burden of building packages locally.
To help users assess their exposure, Guix provides a Scheme-based checker that can report whether a system remains vulnerable to these four identified flaws. The disclosure underscores the ongoing challenges in securing complex package management systems, particularly those that rely on distributed trust and flexible substitution mechanisms.