From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id OAOjDefbkGFZBwAAgWs5BA (envelope-from ) for ; Sun, 14 Nov 2021 10:50:31 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id EFZUCefbkGHSFAAAB5/wlQ (envelope-from ) for ; Sun, 14 Nov 2021 09:50:31 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 6593739405 for ; Sun, 14 Nov 2021 10:50:30 +0100 (CET) Received: from localhost ([::1]:33782 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mmC9d-0007dE-Jj for larch@yhetil.org; Sun, 14 Nov 2021 04:50:29 -0500 Received: from eggs.gnu.org ([209.51.188.92]:40158) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mmC9D-0007cq-Rg for bug-guix@gnu.org; Sun, 14 Nov 2021 04:50:04 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:37604) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mmC9D-0003tn-Iw for bug-guix@gnu.org; Sun, 14 Nov 2021 04:50:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mmC9D-0003h7-Im for bug-guix@gnu.org; Sun, 14 Nov 2021 04:50:03 -0500 X-Loop: help-debbugs@gnu.org Subject: bug#51833: (No Subject) References: <0vikmU8M7HlOsjRKej0siT0rJjlgmN5Asnd1HpGeH_8xYz_okK-KtukDg6vO9U3wtmQrAd5FHhooRjJ__yE1jlcoQ17TqGPrYNiD6Bjk01w=@rixotstudio.cz> In-Reply-To: <0vikmU8M7HlOsjRKej0siT0rJjlgmN5Asnd1HpGeH_8xYz_okK-KtukDg6vO9U3wtmQrAd5FHhooRjJ__yE1jlcoQ17TqGPrYNiD6Bjk01w=@rixotstudio.cz> Resent-From: Jacob Hrbek Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 14 Nov 2021 09:50:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 51833 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: "51833@debbugs.gnu.org" <51833@debbugs.gnu.org> Received: via spool by 51833-submit@debbugs.gnu.org id=B51833.163688339814173 (code B ref 51833); Sun, 14 Nov 2021 09:50:03 +0000 Received: (at 51833) by debbugs.gnu.org; 14 Nov 2021 09:49:58 +0000 Received: from localhost ([127.0.0.1]:49149 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mmC98-0003gW-Gv for submit@debbugs.gnu.org; Sun, 14 Nov 2021 04:49:58 -0500 Received: from mail-40136.proton.ch ([185.70.40.136]:25487) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mmC96-0003gH-Bb for 51833@debbugs.gnu.org; Sun, 14 Nov 2021 04:49:57 -0500 Date: Sun, 14 Nov 2021 09:49:48 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rixotstudio.cz; s=protonmail2; t=1636883388; bh=+ozYPc4f/pqf8qrjNKaSmE9g15jjhvvIlusp5tvSXwU=; h=Date:To:From:Reply-To:Subject:From; b=TIBHTmKd5jpNPxYR3MQaGz8QX2yZGAc2tI8pOE0Qcnl2vajiUWUiCu3anTRqcWP5p JVQxeXbPs39ySRFiCsjNoMwFpJYwJT4nNd8/KojcHK2tBjS3SUKH+rT03O5cxpP3PW km0B7Bn2DhsPQLIfkRCLAtsmLwr0QjvoRdNKtlLtgnEr2w8ecmCO85iKWoCJhjG3kV Fffi/6vGNOhmD+XYoaUSHfTqAeUZseFpzAR6AVO/ZpOTdivoqXcS30VXp+5bfrZ5kZ 9LVAQAofrLt386I5SsN1SxhdSiIa0HRpGzgXbs0wZh6k+SivIA7FX9hhbPIDYir0L5 wuWYVc83WVoYw== From: Jacob Hrbek Message-ID: <1f_SrWXwfJ8vD07ySkk7hkHsJ4G3sFPqoK7wk5WfigTaawBUQgdMzmD63CUGAfJ6icNvWikd1KZ-H6EFSWJl5joDdw2OVl8EbBPQnzAyLg4=@rixotstudio.cz> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha512; boundary="------4fb4d5fd04722090b68fc338dc4f3ce67b0389756e6ed39435c0c04994fcbaf4"; charset=utf-8 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Jacob Hrbek Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1636883430; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=sudvTqihhjYskSjMWhDRtXkwsMbcoQaQL8UTZ7Z8OvE=; b=H0BmaYbUTa2DI7wM8mb23lh0F9OkphhjUjJGCmRYdufGJTP11ZVquk9rHYGcuAIsJtb3CO VrBivyuIbGVAmIKFcU+S55ejcZVpN+cxQBoeq610pes4pPWJDRAkVpzFYjNxuZujadqPQg OGDrspIIrhTrrOKmr88+0gU3jAJP29smpNB+iPLjODwG4polUMYQJDkHmmFf5j76z2DX3O 3A+Nk0VXmqaTnFLl/CpBfack4EXwKALiTBuo4LIWXH8yuExvq7EX+C18PTlssetalyaW9Y ywzYb9mbncLhIRTe6lMMml3NM9ot8mN9/OeJ4MVA0TRP1VI/erYnJYvf5Y1L7g== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1636883430; a=rsa-sha256; cv=none; b=F4WWNO6TRUmZn6jHAj3twQfErtVmHbLnSScY1T7oSDfENcH5T0vulPrsntJrJQK8ht3i7I iGqqSdJLa5S2vKBHC4Xjx0rluifwZdNK/m8cd0WJRdPBxYW64Wpk0tHrEnlbUapRkPgoyT TYKfoefsfBRsBZOlxMFf0386cc3/aYI09jbQL3x+2OXKeLDNUsxXJS4gradiDxa0SS5ZsN IkkZhm7/JC1C3sP3qrS6NWUG28X/L/Bp48hDNTAlpEATennYurgJm7latm0ZjDiA9248RB l3bODxA38kVo51FUG8+vi8s24AFza4ohUv18vuOGYLaGDZabolLgIxiyZw4uQA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=rixotstudio.cz header.s=protonmail2 header.b=TIBHTmKd; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -2.74 Authentication-Results: aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=rixotstudio.cz header.s=protonmail2 header.b=TIBHTmKd; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 6593739405 X-Spam-Score: -2.74 X-Migadu-Scanner: scn0.migadu.com X-TUID: IkykqooD9daT This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------4fb4d5fd04722090b68fc338dc4f3ce67b0389756e6ed39435c0c04994fcbaf4 Content-Type: multipart/mixed;boundary=---------------------35d800a0e6bf2915e4752098d68eda85 -----------------------35d800a0e6bf2915e4752098d68eda85 Content-Type: multipart/alternative;boundary=---------------------cb79ab3046522b92a5e576f8d3718f72 -----------------------cb79ab3046522b92a5e576f8d3718f72 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain;charset=utf-8 Discussed on IRC/Matrix https://matrix.to/#/!sHzxAiaYPGfEPSGCzf:libera.cha= t/$TNunZ_vCWYxNGw-XDyCgKyKobccakb2A9noppM8kkTo?via=3Dlibera.chat&via=3Dmat= rix.org&via=3Dtchncs.de concluded to not be a security issue. My concern was malicious user caching a malicious derivation trying to for= ce root user to invoke it to unleash the payload, but that is not possible= due to the use of GPG with the guix repo to prevent injection of maliciou= s DNS server through DHCP. -- Jacob "Kreyren" Hrbek Sent with ProtonMail Secure Email. -----------------------cb79ab3046522b92a5e576f8d3718f72 Content-Type: multipart/related;boundary=---------------------e5d48939b3f60c021a6f094699b651e8 -----------------------e5d48939b3f60c021a6f094699b651e8 Content-Type: text/html;charset=utf-8 Content-Transfer-Encoding: base64 PGRpdj5EaXNjdXNzZWQgb24gSVJDL01hdHJpeCA8YSBocmVmPSJodHRwczovL21hdHJpeC50by8j LyFzSHp4QWlhWVBHZkVQU0dDemY6bGliZXJhLmNoYXQvJFROdW5aX3ZDV1l4Tkd3LVhEeUNnS3lL b2JjY2FrYjJBOW5vcHBNOGtrVG8/dmlhPWxpYmVyYS5jaGF0JmFtcDt2aWE9bWF0cml4Lm9yZyZh bXA7dmlhPXRjaG5jcy5kZSI+aHR0cHM6Ly9tYXRyaXgudG8vIy8hc0h6eEFpYVlQR2ZFUFNHQ3pm OmxpYmVyYS5jaGF0LyRUTnVuWl92Q1dZeE5Hdy1YRHlDZ0t5S29iY2Nha2IyQTlub3BwTThra1Rv P3ZpYT1saWJlcmEuY2hhdCZhbXA7dmlhPW1hdHJpeC5vcmcmYW1wO3ZpYT10Y2huY3MuZGU8L2E+ IGNvbmNsdWRlZCB0byBub3QgYmUgYSBzZWN1cml0eSBpc3N1ZS48YnI+PGJyPk15IGNvbmNlcm4g d2FzIG1hbGljaW91cyB1c2VyIGNhY2hpbmcgYSBtYWxpY2lvdXMgZGVyaXZhdGlvbiB0cnlpbmcg dG8gZm9yY2Ugcm9vdCB1c2VyIHRvIGludm9rZSBpdCB0byB1bmxlYXNoIHRoZSBwYXlsb2FkLCBi dXQgdGhhdCBpcyBub3QgcG9zc2libGUgZHVlIHRvIHRoZSB1c2Ugb2YgR1BHIHdpdGggdGhlIGd1 aXggcmVwbyB0byBwcmV2ZW50IGluamVjdGlvbiBvZiBtYWxpY2lvdXMgRE5TIHNlcnZlciB0aHJv dWdoIERIQ1AuPGJyPjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXYgY2xhc3M9InByb3Rvbm1haWxf c2lnbmF0dXJlX2Jsb2NrIj48ZGl2IGNsYXNzPSJwcm90b25tYWlsX3NpZ25hdHVyZV9ibG9jay11 c2VyIj48ZGl2Pi0tIEphY29iICJLcmV5cmVuIiBIcmJlazxicj48L2Rpdj48L2Rpdj48ZGl2Pjxi cj48L2Rpdj48ZGl2IGNsYXNzPSJwcm90b25tYWlsX3NpZ25hdHVyZV9ibG9jay1wcm90b24iPlNl bnQgd2l0aCA8YSByZWw9Im5vb3BlbmVyIG5vcmVmZXJyZXIiIGhyZWY9Imh0dHBzOi8vcHJvdG9u bWFpbC5jb20vIiB0YXJnZXQ9Il9ibGFuayI+UHJvdG9uTWFpbDwvYT4gU2VjdXJlIEVtYWlsLjwv ZGl2PjwvZGl2PjxkaXY+PGJyPjwvZGl2Pg== -----------------------e5d48939b3f60c021a6f094699b651e8-- -----------------------cb79ab3046522b92a5e576f8d3718f72-- -----------------------35d800a0e6bf2915e4752098d68eda85 Content-Type: application/pgp-keys; filename="publickey - kreyren@rixotstudio.cz - 0x1677DB82.asc"; name="publickey - kreyren@rixotstudio.cz - 0x1677DB82.asc" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="publickey - kreyren@rixotstudio.cz - 0x1677DB82.asc"; name="publickey - kreyren@rixotstudio.cz - 0x1677DB82.asc" LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tDQpWZXJzaW9uOiBPcGVuUEdQLmpz IHY0LjEwLjEwDQpDb21tZW50OiBodHRwczovL29wZW5wZ3Bqcy5vcmcNCg0KeGpNRVlBbDNGaFlK S3dZQkJBSGFSdzhCQVFkQVFLQXBtZFI4dEc5YUtFZHh3SEovWktPMkN2Wk1SV1B0DQpCTk5HcUpV aHAyTE5MMnR5WlhseVpXNUFjbWw0YjNSemRIVmthVzh1WTNvZ1BHdHlaWGx5Wlc1QWNtbDQNCmIz UnpkSFZrYVc4dVkzbyt3bzhFRUJZS0FDQUZBbUFKZHhZR0N3a0hDQU1DQkJVSUNnSUVGZ0lCQUFJ Wg0KQVFJYkF3SWVBUUFoQ1JDdDAzMFVxMEw4cVJZaEJCWjMyNEtUaktobGM0RWpCNjNUZlJTclF2 eXA1N1FBDQovMHRsYmRuQ0l6cmVLWG12VzJYU1lYekFKb3RKZHhDekUrWEFUTStxUERLekFRQ2Ni SHA3eXc2K0FybmcNCmVTdEdGbi9vbGh4VFBkcHU2NDFDTEdpZ1BtRW9CYzQ0QkdBSmR4WVNDaXNH QVFRQmwxVUJCUUVCQjBEYQ0KaUkzalFmU29pM0RaNC9OZm14R2RzUnN2OS9CcU1nVzVqNmpkQnFr eUlBTUJDQWZDZUFRWUZnZ0FDUVVDDQpZQWwzRmdJYkRBQWhDUkN0MDMwVXEwTDhxUlloQkJaMzI0 S1RqS2hsYzRFakI2M1RmUlNyUXZ5cEhjRUINCkFPUXhTL0ovVU0wZWU4azJqYmxpV2QvUTBJZCtY OFVIQlhoeXFWUmMyMnFyQVFETEhjVzk3V1FiU0pGbw0KMTlrd3Q3ME95SGVwRjZMV3BERDBQdUlT WkQ2SUNnPT0NCj05a1pnDQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tDQo= -----------------------35d800a0e6bf2915e4752098d68eda85-- --------4fb4d5fd04722090b68fc338dc4f3ce67b0389756e6ed39435c0c04994fcbaf4 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: ProtonMail wnUEARYKAAYFAmGQ264AIQkQrdN9FKtC/KkWIQQWd9uCk4yoZXOBIwet030U q0L8qewxAPsFye+YH0El3d/E5JquFYxzuI3QDgk5Q/nQKCOojlucUgEA29t8 KXOejhfu4uJx7Wjxhh/xUJKhguc+poi92sgZHgc= =JTeS -----END PGP SIGNATURE----- --------4fb4d5fd04722090b68fc338dc4f3ce67b0389756e6ed39435c0c04994fcbaf4--