Hi all, I am also a Debian Developer, and I'd really like to try to get this taken care of in time if possible--without getting into my whole spiel, I think being able to support usage of Guix as it is at any given time (rather than HEAD-only) is important.
However, when I try to do a minimal reproduction of the vuln in a Debian VM, doing e.g the following, it doesn't work: ``` root@guix-test:~# apt install -y guix wget root@guix-test:~# wget <path to a copy of the test file provided in the announcement blog post> root@guix-test:~# guix repl -- abstract-socket-vuln-check.scm substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0% substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'... 100.0% building path(s) `/gnu/store/afq3lfzpfqsw81shkqd91nw9f2dcrk7w-check-abstract- socket-hole' Backtrace: 2 (primitive-load "/gnu/store/hk4k2na16b09qnws9zhi8h8zcm3?") In ice-9/eval.scm: 619:8 1 (_ #(#<directory (guile-user) 7ffff6fddc80> #<input-o?>)) In unknown file: 0 (connect #<input-output: socket 6> 1 "\x00-6886d98b-3581") ERROR: In procedure connect: string contains #\nul character: "\x00-6886d98b-3581" builder for `/gnu/store/24cy6ikj447s8srqv42gfigsd0lf90zs-check-abstract-socket- hole.drv' failed with exit code 1 Abstract Unix-domain socket hole is CLOSED, build failed with "build of `/gnu/ store/24cy6ikj447s8srqv42gfigsd0lf90zs-check-abstract-socket-hole.drv' failed". ``` I did see positive results for this check on Guix System VMs, so it's not clear to me why this check is showing closed, instead of open. I'd like to help with the backporting effort as well, but I can't really validate the effectiveness of any fix at this point. Is this happening to anyone else? Thanks, Kurt
