From: Leo Famulari <leo@famulari.name>
To: Tobias Geerinckx-Rice <me@tobias.gr>
Cc: guix-devel@gnu.org
Subject: Re: Public guix offload server
Date: Wed, 20 Oct 2021 18:54:11 -0400 [thread overview]
Message-ID: <YXCeExHn4GF/vDEt@jasmine.lan> (raw)
In-Reply-To: <87cznz74l5.fsf@nckx>
[-- Attachment #1: Type: text/plain, Size: 927 bytes --]
On Wed, Oct 20, 2021 at 11:06:05PM +0200, Tobias Geerinckx-Rice wrote:
> Guix is not content-addressed. Any [compromised] user can upload arbitrary
> malicious binaries with store hashes identical to the legitimate build.
> These malicious binaries can then be downloaded by other clients, which
> presumably all have commit access.
Interesting... I'm not at all familiar with how `guix offload` works,
because I've never used it. But it's surprising to me that this would be
possible. Although after one minute of thought, I'm not sure why it
wouldn't be.
However, the Guix security model trusts committers implicitly. So, if
the committers' shared offload server had proper access control, one
might consider it "good enough" in terms of security. Although the
possibility of spreading malicious binaries is much scarier than what
could be achieved by committing to guix.git, because of the relative
lack of transparency.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2021-10-20 22:56 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-20 20:53 Public guix offload server Arun Isaac
2021-10-20 21:06 ` Tobias Geerinckx-Rice
2021-10-20 22:54 ` Leo Famulari [this message]
2021-10-21 16:46 ` Tobias Geerinckx-Rice
2021-10-21 8:12 ` zimoun
2021-10-21 16:31 ` Tobias Geerinckx-Rice
2021-10-21 18:04 ` zimoun
2021-10-21 21:15 ` Jonathan McHugh
2021-10-21 21:51 ` zimoun
2021-10-21 22:16 ` Tobias Geerinckx-Rice
2021-10-22 7:33 ` zimoun
2021-10-23 5:49 ` Arun Isaac
2021-10-23 7:23 ` zimoun
2021-10-24 6:43 ` Arun Isaac
2021-10-25 9:27 ` indieterminacy
2021-10-22 7:23 ` Jonathan McHugh
2021-10-21 20:23 ` Arun Isaac
2021-10-29 12:04 ` Ludovic Courtès
2021-10-29 12:01 ` Ludovic Courtès
2021-10-20 22:56 ` Leo Famulari
2021-10-21 15:49 ` Joshua Branson
2021-10-21 16:41 ` Tobias Geerinckx-Rice
2021-10-21 17:22 ` Vagrant Cascadian
2021-10-29 12:06 ` Ludovic Courtès
2021-10-29 12:44 ` Tobias Geerinckx-Rice
2021-10-21 23:40 ` jbranso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YXCeExHn4GF/vDEt@jasmine.lan \
--to=leo@famulari.name \
--cc=guix-devel@gnu.org \
--cc=me@tobias.gr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).