Re: server and client in one package -> security issue

[Andy Wingo]

On Tue 14 Feb 2017 11:28, Hartmut Goebel <address@hidden> writes:

> Am 13.02.2017 um 15:13 schrieb Ludovic Courtès:
>> Now, back to the “only install the required software”, I wouldn’t go as
>> far as you do.  I generally agree with the rule, but I’m skeptical as to
>> what this buys you from a security perspective: users can always install
>> whatever they want by hand anyway, and do you have an idea as to how
>> much code they install via their browser?
>
> Looks like we are talking about different systems. I'm talking about
> hardened systems, esp. servers, where users are not allowed to install
> additional software – not even browser add-on.

If the user has no access to the Guix store and daemon, so they can't
even "guix package --install foo", then you're operating on effectively
a snapshot of the store, right?  So perhaps you want a facility that
when exporting this store snapshot can remove some subset of files, like
for example the include/ tree on all store directories.  But because
this is just an snapshot/export of the store, it doesn't seem necessary
to actually change any particular Guix package to reach your goal, as
far as I understand things anyway.

Andy