Unsafe behavior in setuid/setgid binaries in runtime
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.
References
-
https://security.gentoo.org/glsa/202311-09 x_transferred
-
https://go.dev/issue/60272 x_transferred
-
https://go.dev/cl/501223 x_transferred
-
https://pkg.go.dev/vuln/GO-2023-1840 x_transferred
-
https://go.dev/issue/60272 x_transferred
-
https://go.dev/cl/501223 x_transferred
-
https://pkg.go.dev/vuln/GO-2023-1840 x_transferred
-
https://security.gentoo.org/glsa/202311-09 x_transferred
-
https://go.dev/issue/60272 x_transferred
-
https://go.dev/cl/501223 x_transferred
-
https://pkg.go.dev/vuln/GO-2023-1840 x_transferred
-
https://security.gentoo.org/glsa/202311-09 x_transferred
-
https://go.dev/issue/60272 x_transferred
-
https://go.dev/cl/501223 x_transferred
-
https://pkg.go.dev/vuln/GO-2023-1840 x_transferred
-
https://security.gentoo.org/glsa/202311-09 x_transferred
Affected products
- <1.20.5
- <1.19.10
Matching in nixpkgs
pkgs.onnxruntime
Cross-platform, high performance scoring engine for ML models
-
nixos-unstable -
- nixpkgs-unstable 1.22.2
pkgs.kata-runtime
Lightweight Virtual Machines like containers that provide the workload isolation and security of VMs
-
nixos-unstable -
- nixpkgs-unstable 3.16.0
pkgs.aws-lambda-rie
Locally test Lambda functions packaged as container images
-
nixos-unstable -
- nixpkgs-unstable 1.27
pkgs.nodepy-runtime
Runtime for Python inspired by Node.JS
-
nixos-unstable -
- nixpkgs-unstable 2.1.5
pkgs.libblocksruntime
Installs the BlocksRuntime library from the compiler-rt
-
nixos-unstable -
- nixpkgs-unstable 0-unstable-2017-10-28
pkgs.rocmPackages.hsakmt
Platform runtime for ROCm
-
nixos-unstable -
- nixpkgs-unstable 6.3.3
pkgs.intel-compute-runtime
Intel Graphics Compute Runtime oneAPI Level Zero and OpenCL, supporting 12th Gen and newer
-
nixos-unstable -
- nixpkgs-unstable 25.31.34666.3
pkgs.rocmPackages_6.hsakmt
Platform runtime for ROCm
-
nixos-unstable -
- nixpkgs-unstable 6.3.3
pkgs.kdePackages.kdepim-runtime
Akonadi agents and resources
-
nixos-unstable -
- nixpkgs-unstable 25.08.1
pkgs.rocmPackages_6.rocm-runtime
Platform runtime for ROCm
-
nixos-unstable -
- nixpkgs-unstable 6.3.3
pkgs.intel-compute-runtime-legacy1
Intel Graphics Compute Runtime oneAPI Level Zero and OpenCL with support for Gen8, Gen9 and Gen11 GPUs
-
nixos-unstable -
- nixpkgs-unstable legacy1-24.35.30872.32
pkgs.python312Packages.onnxruntime
Cross-platform, high performance scoring engine for ML models
-
nixos-unstable -
- nixpkgs-unstable 1.22.2
pkgs.python313Packages.onnxruntime
Cross-platform, high performance scoring engine for ML models
-
nixos-unstable -
- nixpkgs-unstable 1.22.2
pkgs.dotnetCorePackages.runtime_8_0
Core functionality needed to create .NET Core projects, that is shared between Visual Studio and CLI (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 8.0.20
pkgs.dotnetCorePackages.runtime_9_0
Core functionality needed to create .NET Core projects, that is shared between Visual Studio and CLI (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 9.0.9
pkgs.haskellPackages.fficxx-runtime
Runtime for fficxx-generated library
-
nixos-unstable -
- nixpkgs-unstable 0.7.0.1
pkgs.linuxPackages.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.12.47
pkgs.dotnetCorePackages.runtime_10_0
Core functionality needed to create .NET Core projects, that is shared between Visual Studio and CLI (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 10.0.0-rc.1.25451.107
pkgs.azure-cli-extensions.k8s-runtime
Microsoft Azure Command-Line Tools K8sRuntime Extension
-
nixos-unstable -
- nixpkgs-unstable k8s-runtime-2.0.0
pkgs.python312Packages.fluent-runtime
Localization library for expressive translations
-
nixos-unstable -
- nixpkgs-unstable 0.4.0
pkgs.python312Packages.nodepy-runtime
Runtime for Python inspired by Node.JS
-
nixos-unstable -
- nixpkgs-unstable 2.1.5
pkgs.python313Packages.fluent-runtime
Localization library for expressive translations
-
nixos-unstable -
- nixpkgs-unstable 0.4.0
pkgs.python313Packages.nodepy-runtime
Runtime for Python inspired by Node.JS
-
nixos-unstable -
- nixpkgs-unstable 2.1.5
pkgs.dotnetCorePackages.runtime_6_0-bin
.NET Runtime 6.0.36 (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 6.0.36
pkgs.dotnetCorePackages.runtime_7_0-bin
.NET Runtime 7.0.20 (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 7.0.20
pkgs.dotnetCorePackages.runtime_8_0-bin
.NET Runtime 8.0.20 (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 8.0.20
pkgs.dotnetCorePackages.runtime_9_0-bin
.NET Runtime 9.0.9 (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 9.0.9
pkgs.haskellPackages.proto-lens-runtime
None
-
nixos-unstable -
- nixpkgs-unstable 0.7.0.7
pkgs.linuxPackages_lqx.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.16.5
pkgs.linuxPackages_zen.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.16.5
pkgs.dotnetCorePackages.runtime_10_0-bin
.NET Runtime 10.0.0-rc.1.25451.107 (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 10.0.0-rc.1.25451.107
pkgs.haskellPackages.gogol-runtimeconfig
Google Cloud Runtime Configuration SDK
-
nixos-unstable -
- nixpkgs-unstable 1.0.0
pkgs.python312Packages.onnxruntime-tools
Transformers Model Optimization Tool of ONNXRuntime
-
nixos-unstable -
- nixpkgs-unstable 1.7.0
pkgs.python313Packages.onnxruntime-tools
Transformers Model Optimization Tool of ONNXRuntime
-
nixos-unstable -
- nixpkgs-unstable 1.7.0
pkgs.haskellPackages.amazonka-lex-runtime
Amazon Lex Runtime Service SDK
-
nixos-unstable -
- nixpkgs-unstable 2.0
pkgs.linuxPackages-libre.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.12.47
pkgs.dotnetCorePackages.aspnetcore_6_0-bin
ASP.NET Core Runtime 6.0.36 (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 6.0.36
pkgs.dotnetCorePackages.aspnetcore_7_0-bin
ASP.NET Core Runtime 7.0.20 (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 7.0.20
pkgs.dotnetCorePackages.aspnetcore_8_0-bin
ASP.NET Core Runtime 8.0.20 (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 8.0.20
pkgs.dotnetCorePackages.aspnetcore_9_0-bin
ASP.NET Core Runtime 9.0.9 (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 9.0.9
pkgs.linuxPackages_latest.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.16.7
pkgs.linuxPackages_xanmod.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.12.47
pkgs.dotnetCorePackages.aspnetcore_10_0-bin
ASP.NET Core Runtime 10.0.0-rc.1.25451.107 (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 10.0.0-rc.1.25451.107
pkgs.dotnetCorePackages.dotnet_8.aspnetcore
Core functionality needed to create .NET Core projects, that is shared between Visual Studio and CLI (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 8.0.20
pkgs.dotnetCorePackages.dotnet_9.aspnetcore
Core functionality needed to create .NET Core projects, that is shared between Visual Studio and CLI (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 9.0.9
pkgs.python312Packages.rapidocr-onnxruntime
Cross platform OCR Library based on OnnxRuntime
-
nixos-unstable -
- nixpkgs-unstable 1.4.4
pkgs.python313Packages.rapidocr-onnxruntime
Cross platform OCR Library based on OnnxRuntime
-
nixos-unstable -
- nixpkgs-unstable 1.4.4
pkgs.dotnetCorePackages.dotnet_10.aspnetcore
Core functionality needed to create .NET Core projects, that is shared between Visual Studio and CLI (wrapper)
-
nixos-unstable -
- nixpkgs-unstable 10.0.0-rc.1.25451.107
pkgs.python312Packages.antlr4-python3-runtime
Runtime for ANTLR
-
nixos-unstable -
- nixpkgs-unstable antlr4-python3-runtime-4.13.2
pkgs.python312Packages.mypy-boto3-lex-runtime
Type annotations for boto3 lex-runtime
-
nixos-unstable -
- nixpkgs-unstable boto3-lex-runtime-1.40.17
pkgs.python313Packages.antlr4-python3-runtime
Runtime for ANTLR
-
nixos-unstable -
- nixpkgs-unstable antlr4-python3-runtime-4.13.2
pkgs.python313Packages.mypy-boto3-lex-runtime
Type annotations for boto3 lex-runtime
-
nixos-unstable -
- nixpkgs-unstable boto3-lex-runtime-1.40.17
pkgs.python312Packages.langgraph-runtime-inmem
Inmem implementation for the LangGraph API server
-
nixos-unstable -
- nixpkgs-unstable 0.12.0
pkgs.python313Packages.langgraph-runtime-inmem
Inmem implementation for the LangGraph API server
-
nixos-unstable -
- nixpkgs-unstable 0.12.0
pkgs.haskellPackages.amazonka-sagemaker-runtime
Amazon SageMaker Runtime SDK
-
nixos-unstable -
- nixpkgs-unstable 2.0
pkgs.haskellPackages.aws-lambda-haskell-runtime
Haskell runtime for AWS Lambda
-
nixos-unstable -
- nixpkgs-unstable 4.3.2
pkgs.python312Packages.mypy-boto3-lexv2-runtime
Type annotations for boto3 lexv2-runtime
-
nixos-unstable -
- nixpkgs-unstable boto3-lexv2-runtime-1.40.15
pkgs.python313Packages.mypy-boto3-lexv2-runtime
Type annotations for boto3 lexv2-runtime
-
nixos-unstable -
- nixpkgs-unstable boto3-lexv2-runtime-1.40.15
pkgs.linuxPackages_latest-libre.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.16.7
pkgs.haskellPackages.amazonka-personalize-runtime
Amazon Personalize Runtime SDK
-
nixos-unstable -
- nixpkgs-unstable 2.0
pkgs.linuxPackages_xanmod_stable.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.16.7
pkgs.python312Packages.google-cloud-runtimeconfig
Google Cloud RuntimeConfig API client library
-
nixos-unstable -
- nixpkgs-unstable 0.34.0
pkgs.python313Packages.google-cloud-runtimeconfig
Google Cloud RuntimeConfig API client library
-
nixos-unstable -
- nixpkgs-unstable 0.34.0
pkgs.haskellPackages.amazonka-sagemaker-a2i-runtime
Amazon Augmented AI Runtime SDK
-
nixos-unstable -
- nixpkgs-unstable a2i-runtime-2.0
pkgs.haskellPackages.aws-lambda-haskell-runtime-wai
Run wai applications on AWS Lambda
-
nixos-unstable -
- nixpkgs-unstable 2.0.2
pkgs.python312Packages.mypy-boto3-sagemaker-runtime
Type annotations for boto3 sagemaker-runtime
-
nixos-unstable -
- nixpkgs-unstable boto3-sagemaker-runtime-1.40.17
pkgs.python313Packages.mypy-boto3-sagemaker-runtime
Type annotations for boto3 sagemaker-runtime
-
nixos-unstable -
- nixpkgs-unstable boto3-sagemaker-runtime-1.40.17
pkgs.linuxKernel.packages.linux_5_4.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-5.4.299
pkgs.linuxKernel.packages.linux_6_1.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.1.152
pkgs.linuxKernel.packages.linux_6_6.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.6.106
pkgs.linuxKernel.packages.linux_lqx.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.16.5
pkgs.linuxKernel.packages.linux_zen.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.16.5
pkgs.python312Packages.types-aiobotocore-lex-runtime
Type annotations for aiobotocore lex-runtime
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.python313Packages.types-aiobotocore-lex-runtime
Type annotations for aiobotocore lex-runtime
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.linuxKernel.packages.linux_5_10.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-5.10.244
pkgs.linuxKernel.packages.linux_5_15.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-5.15.193
pkgs.linuxKernel.packages.linux_6_12.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.12.47
pkgs.linuxKernel.packages.linux_6_16.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.16.7
pkgs.python312Packages.mypy-boto3-personalize-runtime
Type annotations for boto3 personalize-runtime
-
nixos-unstable -
- nixpkgs-unstable boto3-personalize-runtime-1.40.17
pkgs.python313Packages.mypy-boto3-personalize-runtime
Type annotations for boto3 personalize-runtime
-
nixos-unstable -
- nixpkgs-unstable boto3-personalize-runtime-1.40.17
pkgs.linuxKernel.packages.linux_libre.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.12.47
pkgs.python312Packages.types-aiobotocore-lexv2-runtime
Type annotations for aiobotocore lexv2-runtime
-
nixos-unstable -
- nixpkgs-unstable lexv2-runtime-2.23.2
pkgs.python313Packages.types-aiobotocore-lexv2-runtime
Type annotations for aiobotocore lexv2-runtime
-
nixos-unstable -
- nixpkgs-unstable lexv2-runtime-2.23.2
pkgs.linuxKernel.packages.linux_xanmod.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.12.47
pkgs.python312Packages.mypy-boto3-sagemaker-a2i-runtime
Type annotations for boto3 sagemaker-a2i-runtime
-
nixos-unstable -
- nixpkgs-unstable boto3-sagemaker-a2i-runtime-1.40.16
pkgs.python313Packages.mypy-boto3-sagemaker-a2i-runtime
Type annotations for boto3 sagemaker-a2i-runtime
-
nixos-unstable -
- nixpkgs-unstable boto3-sagemaker-a2i-runtime-1.40.16
pkgs.linuxKernel.packages.linux_hardened.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.12.43
pkgs.python312Packages.types-aiobotocore-sagemaker-runtime
Type annotations for aiobotocore sagemaker-runtime
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.python313Packages.types-aiobotocore-sagemaker-runtime
Type annotations for aiobotocore sagemaker-runtime
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.vscode-extensions.ms-dotnettools.vscode-dotnet-runtime
Provides a way for other Visual Studio Code extensions to install local versions of .NET SDK/Runtime
-
nixos-unstable -
- nixpkgs-unstable 2.3.7
pkgs.haskellPackages.amazonka-sagemaker-featurestore-runtime
Amazon SageMaker Feature Store Runtime SDK
-
nixos-unstable -
- nixpkgs-unstable 2.0
pkgs.python312Packages.types-aiobotocore-personalize-runtime
Type annotations for aiobotocore personalize-runtime
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.python313Packages.types-aiobotocore-personalize-runtime
Type annotations for aiobotocore personalize-runtime
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.linuxKernel.packages.linux_latest_libre.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.16.7
pkgs.linuxKernel.packages.linux_6_12_hardened.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.12.43
pkgs.linuxKernel.packages.linux_xanmod_stable.fwts-efi-runtime
Firmware Test Suite(efi-runtime kernel module)
-
nixos-unstable -
- nixpkgs-unstable 24.09.00-6.16.7
pkgs.python312Packages.types-aiobotocore-sagemaker-a2i-runtime
Type annotations for aiobotocore sagemaker-a2i-runtime
-
nixos-unstable -
- nixpkgs-unstable a2i-runtime-2.23.2
pkgs.python313Packages.types-aiobotocore-sagemaker-a2i-runtime
Type annotations for aiobotocore sagemaker-a2i-runtime
-
nixos-unstable -
- nixpkgs-unstable a2i-runtime-2.23.2
pkgs.python312Packages.mypy-boto3-sagemaker-featurestore-runtime
Type annotations for boto3 sagemaker-featurestore-runtime
-
nixos-unstable -
- nixpkgs-unstable boto3-sagemaker-featurestore-runtime-1.40.17
pkgs.python313Packages.mypy-boto3-sagemaker-featurestore-runtime
Type annotations for boto3 sagemaker-featurestore-runtime
-
nixos-unstable -
- nixpkgs-unstable boto3-sagemaker-featurestore-runtime-1.40.17
pkgs.python312Packages.types-aiobotocore-sagemaker-featurestore-runtime
Type annotations for aiobotocore sagemaker-featurestore-runtime
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.python313Packages.types-aiobotocore-sagemaker-featurestore-runtime
Type annotations for aiobotocore sagemaker-featurestore-runtime
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
Package maintainers
-
@ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
-
@katexochen Paul Meyer <katexochen0@gmail.com>
-
@corngood David McFarland <corngood@gmail.com>
-
@mdarocha Marek Darocha <marek@mdarocha.pl>
-
@kuznero Roman Kuznetsov <roman@kuznero.com>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@fleaz Felix Breidenstein <mail@felixbreidenstein.de>
-
@thomasjm Tom McLaughlin <tom@codedown.io>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@K900 Ilya K. <me@0upti.me>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@dtzWill Will Dietz <w@wdtz.org>
-
@ck3d Christian Kögler <ck3d@gmx.de>
-
@puffnfresh Brian McKenna <brian@brianmckenna.org>
-
@GetPsyched Priyanshu Tripathi <nixos@getpsyched.dev>
-
@sarahec Sarah Clark <seclark@nextquestion.net>
-
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@happysalada Raphael Megzari <raphael@megzari.com>
-
@wrvsrx wrvsrx <wrvsrx@outlook.com>
-
@GZGavinZhao Gavin Zhao
-
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
-
@mschwaig Martin Schwaighofer <mschwaig+nixpkgs@eml.cc>
-
@Flakebi Sebastian Neubauer <flakebi@t-online.de>
-
@magnouvean Maxwell Berg <rg0zjsyh@anonaddy.me>