The /var/guix/daemon-socket/socket is by default set to be owned by root:root 
with chmod 0666 that allows **ALL** users on the system to interact with guix 
daemon to write in the store directory.

Proposing to define a group (or use guixbuild group?) to by default deny access 
to the socket to all users without the group as I see this being a security 
issue waiting to happen.

-- Jacob "Kreyren" Hrbek
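
An audit of the permissions described in the report, added here as an example and not taken from the message or from Guix's own code. It assumes Linux semantics (connecting to a pathname socket requires write permission on the socket and search permission on each directory leading to it); `audit_socket` and its `stop_at` parameter are hypothetical names.

```python
import stat
import sys
from pathlib import Path

DEFAULT_SOCKET = "/var/guix/daemon-socket/socket"  # path quoted in the report


def audit_socket(path=DEFAULT_SOCKET, stop_at="/"):
    """Report whether users outside the socket's owner and group can connect.

    On Linux, connect() on a pathname socket needs write permission on the
    socket and search (x) permission on every directory leading to it.
    Only classic mode bits are inspected here, not POSIX ACLs.
    """
    sock = Path(path)
    st = sock.lstat()
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a UNIX socket")

    findings = []
    other_write = bool(st.st_mode & stat.S_IWOTH)
    if other_write:
        findings.append(f"{sock}: write bit set for others")

    # One ancestor directory without o+x is enough to block "other" users.
    reachable = True
    for parent in sock.parents:
        if not parent.stat().st_mode & stat.S_IXOTH:
            reachable = False
            findings.append(f"{parent}: no search permission for others")
        if parent == Path(stop_at):  # hypothetical cut-off, defaults to "/"
            break

    return {
        "owner": (st.st_uid, st.st_gid),
        "mode": f"{stat.S_IMODE(st.st_mode):04o}",
        "world_connectable": other_write and reachable,
        "findings": findings,
    }


if __name__ == "__main__":
    try:
        report = audit_socket(*sys.argv[1:2])
    except (FileNotFoundError, ValueError) as exc:
        sys.exit(f"cannot audit: {exc}")
    print(report)
    sys.exit(1 if report["world_connectable"] else 0)
```

Run as a script, it exits non-zero when the socket is reachable by users outside its owner and group, so it can gate a configuration check.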
