Ubuthathaka bufunyenwe kwi-GNU Guix, i-Nix, kunye nabaphathi bephakheji ye-Lix (i-Nix, i-Guix, i-Lix) evumela ukuba ikhowudi iqhutywe kunye namalungelo abasebenzisi abaphantsi kwayo imisebenzi yokwakha iqaliswe (umzekelo, i-nixbld * kwi-Nix / Lix), engasetyenziselwa ukubhala idatha yesiko kwindawo yokwakha kwaye wenze utshintsho kwinkqubo yokwakha. Iingxaki zikhona kwiinkqubo zemvelaphi ye-guix-daemon kunye ne-nix-daemon ezisetyenziselwa ukubonelela abasebenzisi abangenalungelo lokufikelela kwimisebenzi yokwakha.
Ubuthathaka bubangelwa yinto yokuba ngexesha lemisebenzi ethile, iindlela zefayile ezipheleleyo zisetyenzisiwe endaweni yeenkcazelo ze-dirfd ukufikelela kulawulo lolwakhiwo lwexeshana, oluvumele uvimba wokwakha obekwe kwi-/tmp hierarchy (umzekelo, "/tmp/guix-build-PACKAGE-XYdrv-0") ukuba ifakwe endaweni. Ukusetyenziswa ngendlela engafanelekanga kwe-dirfd kumsebenzi wokucima okuphindiweyo kukhokelele kwimeko yogqatso, ngenxa yokuba umhlaseli anokuthi amisele ikhonkco lokomfuziselo okwangoku phakathi kokuyilwa kunye notshintsho lomnini woluhlu lolwakhiwo. Kuhlaselo oluyimpumelelo, i-guix-daemon/nix-daemon itshintshe umnini wefayile ejongiswe likhonkco lokomfuziselo endaweni yokutshintsha umsebenzisi kuluhlu lokwakha.
Ubuthathaka bulungiswe kwi-Lix 2.93, i-Nix 2.29, kunye ne-Guix 1.4.0-38.0e79d5b. Ukuxhaphaza ubuthathaka, umhlaseli kufuneka akwazi ukwenza imisebenzi yokwakha engenamkhethe. Uhlaselo olusebenzisa ubuthathaka be-CVE-2025-46415 lufuna ukukwazi ukwenza iifayile kwi-/tmp directory kumatshini wokwakha, ngelixa ubuthathaka be-CVE-2025-46416, kuyimfuneko ukuba ukwazi ukuqhuba ikhowudi kumxholo we-pid yokuqala kunye neendawo zamagama zenethiwekhi.
umthombo: opennet.ru
