Hello Guix,

That the per-user profile directory is world-writable allows an attacker to hijack code run by other users, as has been reported in the context of Nix:

  https://www.openwall.com/lists/oss-security/2019/10/09/4

I believe it applies to Guix as well. Nix people are tracking it here:

  https://github.com/NixOS/nix/pull/3134
  https://github.com/NixOS/nix/issues/509

Looks like we’ll need to do something similar to: <https://github.com/NixOS/nix/pull/3136/commits/5a303093dcae1e5ce9212616ef18f2ca51020b0d>.

Thoughts?

Thanks,
Ludo’.