From: Ludovic Courtès
Subject: bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
Date: Mon, 22 Jun 2020 10:01:29 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
Hi,
zimoun <zimon.toutoune@gmail.com> skribis:
> On Sat, 20 Jun 2020 at 12:40, Ludovic Courtès <ludo@gnu.org> wrote:
>> zimoun <zimon.toutoune@gmail.com> skribis:
>
>>> BTW, from a security perspective, it is easy to cheat by removing some
>>> commits so the file ~/.cache/guix/authentication/channels/guix should be
>>> protected: read-only and only writable by the daemon.
>>
>> It’s 600 of course. What we could do is ignore it if it’s not 600 when
>> we open it.
>
> This could help. :-)
Done in 41939c374a3ef421d2d4c6453c327a9cd7af4ce5.
>> Crucially: we cannot and should not restrict what the user can do for
>> the sake of security. Users can pass ‘--disable-authentication’, they
>> can run binaries taken from the net, whatever; it’s their machine.
>
> Well, I have not thought deeply about an attack, but the point is to
> protect the user when they run "guix pull" alone, i.e., they can trust
> the server. An attack could be for example an email with an attachment,
> click, then boum: tweak ~/.config/guix/channels.scm and
> ~/.cache/guix/authentication/channels/guix, then the user runs "guix
> pull" with the expectation that everything is checked and
> authenticated and in fact no, they are talking to a malicious server.
I don’t really see how the attachment would modify a local file, but
even if that’s a possibility, it’s beyond the scope of Guix: we cannot
prevent users from shooting themselves in the foot.
Ludo’.
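The check discussed above (create the per-user cache of already-authenticated commits with mode 600, and ignore it when opening if the mode is anything else) is easy to get subtly wrong, so here is an added illustration of it. This is not Guix's own code (Guix is written in Guile Scheme and the real change is commit 41939c374a3ef421d2d4c6453c327a9cd7af4ce5); the function names, the cache layout (one commit id per line) and the sample commit ids are constructed for the example.

```python
import os
import stat
import tempfile

# Added example, not Guix code. Models the behaviour described in the thread:
# the cache of authenticated commits is written with mode 600 and, if its
# mode is found to be anything else when it is opened, it is ignored, i.e.
# treated as an empty cache so that every commit is re-authenticated from the
# channel introduction onward instead of being trusted from a loosened file.

EXPECTED_MODE = 0o600


def cache_is_trustworthy(path):
    """True only if `path` is a regular file (not a symlink), owned by the
    calling user, with permission bits exactly 0600."""
    try:
        st = os.lstat(path)  # lstat: a symlink planted in place of the cache is rejected too
    except FileNotFoundError:
        return False
    if not stat.S_ISREG(st.st_mode):
        return False
    if st.st_uid != os.geteuid():
        return False
    return stat.S_IMODE(st.st_mode) == EXPECTED_MODE


def load_authenticated_commits(path):
    """Return the set of cached commit ids, or an empty set if the cache fails
    the check above (the caller then behaves as if no cache existed)."""
    if not cache_is_trustworthy(path):
        return set()
    with open(path) as f:
        return {line.strip() for line in f if line.strip()}


def write_cache(path, commits):
    """Create the cache with mode 600 from the first write, not chmod'ed afterwards."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, EXPECTED_MODE)
    os.fchmod(fd, EXPECTED_MODE)  # the umask or a pre-existing file could have altered the bits
    with os.fdopen(fd, "w") as f:
        f.write("\n".join(sorted(commits)) + "\n")


def demo(mode_after_write):
    """Write a cache holding two constructed (fake) commit ids, change its mode
    to `mode_after_write`, and return what the loader is willing to use."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "guix")
        write_cache(path, {"cafebabe" * 5, "deadbeef" * 5})
        os.chmod(path, mode_after_write)
        return load_authenticated_commits(path)


if __name__ == "__main__":
    print("0600 ->", len(demo(0o600)), "commits trusted")
    print("0644 ->", len(demo(0o644)), "commits trusted")
```

The design point is that a failed check degrades to "no cache" rather than to an error: the user loses only the speed-up, while a tampered file (world-writable, owned by someone else, or replaced by a symlink) can never shortcut authentication.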
- bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', Jan Nieuwenhuizen, 2020/06/17
- bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', Marius Bakke, 2020/06/20
- bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', Ludovic Courtès, 2020/06/21
- bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', zimoun, 2020/06/21
- bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', zimoun, 2020/06/22
- bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', Ludovic Courtès, 2020/06/23
- bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', zimoun, 2020/06/23
- bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix', Ludovic Courtès, 2020/06/23