bug#41908: guix time-machine fails; XXXX is not related to introductory

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#41908: guix time-machine fails; XXXX is not related to introductory

From:	zimoun
Subject:	bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
Date:	Sun, 21 Jun 2020 18:17:10 +0200

Hi Ludo,

On Sat, 20 Jun 2020 at 12:40, Ludovic Courtès <ludo@gnu.org> wrote:
> zimoun <zimon.toutoune@gmail.com> skribis:

>> BTW, from a security perspective, it is easy to cheat by removing some
>> commits so the file ~/.cache/guix/authentication/channels/guix should be
>> protected: read-only and only writable by the daemon.
>
> It’s 600 of course.  What we could do is ignore it if it’s not 600 when
> we open it.

This could help. :-)

> Crucially: we cannot and should not restrict what the user can do for
> the sake of security.  Users can pass ‘--disable-authentication’, they
> can run binaries taken from the net, whatever; it’s their machine.

Well, I have not thought deeply to an attack, but the point is to
protect the user when they runs "guix pull" alone i.e., they can trust
the server.  An attack could be for example an email with an attachment,
click, then boum: tweak ~/.config/guix/channels.scm and
~/.cache/guix/authentication/channels/guix, then the user runs "guix
pull" which the expectation that everything is checked and
authenticated and in fact no, they is talking to malicious server.

Cheers,
simon

[Prev in Thread]

Current Thread

[Next in Thread]

bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', Jan Nieuwenhuizen, 2020/06/17
- bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', zimoun, 2020/06/18
  - bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', zimoun, 2020/06/18
- bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', Ludovic Courtès, 2020/06/19
  - bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', zimoun, 2020/06/19
    - bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', Ludovic Courtès, 2020/06/20
    - bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', zimoun <=
    - bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', Ludovic Courtès, 2020/06/22
  - bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', Marius Bakke, 2020/06/20
  - bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', Ludovic Courtès, 2020/06/21
    - bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', zimoun, 2020/06/21
    - bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', zimoun, 2020/06/22
    - bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', Ludovic Courtès, 2020/06/23
    - bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', zimoun, 2020/06/23
    - bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', Ludovic Courtès, 2020/06/23

Prev by Date: bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
Next by Date: bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
Previous by thread: bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
Next by thread: bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
Index(es):
- Date
- Thread