Nixpkgs security tracker
There is a possible tty hijacking in shadow 4.x before …
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
References
Affected products
- ==1.x before 1.7.4
- ==4.x before 4.1.5
Matching in nixpkgs
pkgs.su
Suite containing authentication-related tools such as passwd and su
pkgs.sudo
Command to run commands as root
pkgs.qsudo
Graphical sudo utility from Project Trident
-
nixos-unstable 2020.03.27
- nixpkgs-unstable 2020.03.27
- nixos-unstable-small 2020.03.27
-
nixos-25.11 2020.03.27
- nixos-25.11-small 2020.03.27
- nixpkgs-25.11-darwin 2020.03.27
pkgs.shadow
Suite containing authentication-related tools such as passwd and su
pkgs.sudo-rs
Memory safe implementation of sudo and su
pkgs.psudohash
Password list generator for orchestrating brute force attacks and cracking hashes
pkgs.shadowenv
reversible directory-local environment variable manipulations
pkgs.shadowfox
Universal dark theme for Firefox while adhering to the modern design principles set by Mozilla
pkgs.sudo-font
Font for programmers and command line users
pkgs.shadow-tls
Proxy to expose real tls handshake to the firewall
pkgs.darwin.sudo
None
pkgs.gnome-sudoku
Test your logic skills in this number grid puzzle
pkgs.doas-sudo-shim
Shim for the sudo command that utilizes doas
pkgs.lxqt.lxqt-sudo
GUI frontend for sudo/su
pkgs.go-shadowsocks2
Fresh implementation of Shadowsocks in Go
-
nixos-unstable shadowsocks2-0.1.5
- nixpkgs-unstable shadowsocks2-0.1.5
- nixos-unstable-small shadowsocks2-0.1.5
-
nixos-25.11 shadowsocks2-0.1.5
- nixos-25.11-small shadowsocks2-0.1.5
- nixpkgs-25.11-darwin shadowsocks2-0.1.5
pkgs.shadowsocks-rust
Rust port of Shadowsocks
pkgs.yaziPlugins.sudo
Call `sudo` in yazi
-
nixos-unstable 0-unstable-2025-11-05
- nixpkgs-unstable 0-unstable-2025-11-05
- nixos-unstable-small 0-unstable-2025-11-05
-
nixos-25.11 0-unstable-2025-11-05
- nixos-25.11-small 0-unstable-2025-11-05
- nixpkgs-25.11-darwin 0-unstable-2025-11-05
pkgs.shadowsocks-libev
Lightweight secured SOCKS5 proxy
pkgs.libsForQt5.ksudoku
Suduko game
pkgs.kdePackages.ksudoku
KSudoku is a logic-based symbol placement puzzle
pkgs.typstPackages.shadowed
Box shadows for Typst
pkgs.plasma5Packages.ksudoku
Suduko game
pkgs.shadowsocks-v2ray-plugin
Yet another SIP003 plugin for shadowsocks, based on v2ray
-
nixos-unstable v2ray-plugin-1.3.2-unstable-2025-09-05
- nixpkgs-unstable v2ray-plugin-1.3.2-unstable-2025-09-05
- nixos-unstable-small v2ray-plugin-1.3.2-unstable-2025-09-05
-
nixos-25.11 v2ray-plugin-1.3.2-unstable-2025-09-05
- nixos-25.11-small v2ray-plugin-1.3.2-unstable-2025-09-05
- nixpkgs-25.11-darwin v2ray-plugin-1.3.2-unstable-2025-09-05
pkgs.fishPlugins.plugin-sudope
Fish plugin to quickly put 'sudo' in your command
-
nixos-unstable 0-unstable-2025-09-16
- nixpkgs-unstable 0-unstable-2025-09-16
- nixos-unstable-small 0-unstable-2025-09-16
-
nixos-25.11 0-unstable-2025-09-16
- nixos-25.11-small 0-unstable-2025-09-16
- nixpkgs-25.11-darwin 0-unstable-2025-09-16
pkgs.haskellPackages.shadowsocks
A fast SOCKS5 proxy that help you get through firewalls
-
nixos-unstable 1.20180408
- nixpkgs-unstable 1.20180408
- nixos-unstable-small 1.20180408
-
nixos-25.11 1.20180408
- nixos-25.11-small 1.20180408
- nixpkgs-25.11-darwin 1.20180408
pkgs.typstPackages.shadowed_0_1_0
Box shadows for Typst
pkgs.typstPackages.shadowed_0_1_1
Box shadows for Typst
pkgs.typstPackages.shadowed_0_1_2
Box shadows for Typst
pkgs.typstPackages.shadowed_0_2_0
Box shadows for Typst
pkgs.wayfirePlugins.wayfire-shadows
Wayfire plugin that adds window shadows
pkgs.haskellPackages.Unixutils-shadow
A simple interface to shadow passwords (aka, shadow.h)
pkgs.obs-studio-plugins.obs-stroke-glow-shadow
OBS plugin to provide efficient Stroke, Glow, and Shadow effects on masked sources
Package maintainers
-
@dani0854 Danil Suetin <suetin085+nixpkgs@protonmail.com>
-
@Anomalocaridid Duncan Russell <duncan@anomalocaris.xyz>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@oxzi Alvar Penning <post@0x21.biz>
-
@K900 Ilya K. <me@0upti.me>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@romildo José Romildo Malaquias <malaquias@gmail.com>
-
@exploitoverload Asier Armenteros <nix@exploitoverload.com>
-
@oluceps oluceps <nixos@oluceps.uk>
-
@ahrzb AmirHossein Roozbahani <ahrzb5@gmail.com>
-
@rhendric Ryan Hendrickson
-
@R-VdP Ramses <ramses@well-founded.dev>
-
@nicoonoclaste nicoo <nicoo@debian.org>
-
@cherrypiejam Gongqi Huang
-
@wineee Lu Hongxu <lhongxu@outlook.com>
-
@khaneliman Austin Horstman <khaneliman12@gmail.com>
-
@flexiondotorg Martin Wimpress <martin@wimpress.org>
-
@RossSmyth Ross Smyth