From mboxrd@z Thu Jan 1 00:00:00 1970 From: Bengt Richter Subject: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix) Date: Fri, 18 Oct 2019 18:32:01 -0700 Message-ID: <20191018224519.GA81713@PhantoNv4ArchGx.localdomain> References: <87d0eyuqzd.fsf@gnu.org> <87mue2nkrj.fsf@nckx> <8736fttby6.fsf@gnu.org> <87tv89rnva.fsf@gnu.org> <878spksty3.fsf@gnu.org> <87blufny52.fsf@gnu.org> <878spjnqlo.fsf@nckx> <87k193ktk9.fsf@gnu.org> <20191018022128.GA1765@PhantoNv4ArchGx.localdomain> <877e5215ox.fsf@gnu.org> Reply-To: Bengt Richter Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:43343) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iLdc8-00063J-5G for bug-guix@gnu.org; Fri, 18 Oct 2019 21:33:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iLdc6-0008Qj-QI for bug-guix@gnu.org; Fri, 18 Oct 2019 21:33:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:42925) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1iLdc6-0008Qe-MU for bug-guix@gnu.org; Fri, 18 Oct 2019 21:33:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1iLdc6-0002cu-GG for bug-guix@gnu.org; Fri, 18 Oct 2019 21:33:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <877e5215ox.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 37744@debbugs.gnu.org Hi Ludo, On +2019-10-18 16:36:30 +0200, Ludovic Courtès wrote: > Bengt Richter skribis: > > > On +2019-10-17 22:25:58 +0200, Ludovic Courtès wrote: > > [...] > > >> > Imperialist nitpick: why list the foreigners first? :-) > >> > > >> > Anti-imperialist nitpick: reversing the two allows using ‘other > >> > distributions’ instead of ‘foreign’ which always sounds a bit > >> > dismissive to my ears. > >> > > >> > End nitpick. > >> > >> That makes sense to me; I’m not satisfied with “foreign” either (I think > >> the inspiration came from FFIs, but still). Maybe “fellow distros”? > >> :-) > > > > Is not the important distinction whether the "foreign distro" can be generated > > with pure guix libre components using a pure guix tool chain vs not? > > “Foreign distro” designates any distro other than Guix System. From a > technical viewpoint, it’s sometimes useful to be able to make that > distinction. > > HTH, > Ludo’. I was trying to get to a more exact definition of "that distinction" :) I have read the page at "info guix installation", where "foreign" is explained: --------------------------- Note: We recommend the use of this shell installer script (https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh) to install Guix on top of a running GNU/Linux system, thereafter called a “foreign distro”.(1) The script automates the download, installation, and initial configuration of Guix. It should be run as the root user. When installed on a foreign distro, GNU Guix complements the available tools without interference. Its data lives exclusively in two directories, usually ‘/gnu/store’ and ‘/var/guix’; other files on your system, such as ‘/etc’, are left untouched. [...] (1) This section is concerned with the installation of the package manager, which can be done on top of a running GNU/Linux system. If, instead, you want to install the complete GNU operating system, *note System Installation::. --------------------------- I have also read from "info guix introduction": ----------------- (2) We used to refer to Guix System as “Guix System Distribution” or “GuixSD”. We now consider it makes more sense to group everything under the “Guix” banner since, after all, Guix System is readily available through the ‘guix system’ command, even if you’re using a different distro underneath! ---------------- further along it says: ----------------------- With Guix System, you _declare_ all aspects of the operating system configuration and Guix takes care of instantiating the configuration in a transactional, reproducible, and stateless fashion (*note System Configuration::). Guix System uses the Linux-libre kernel, the Shepherd initialization system (*note (shepherd)Introduction::), the well-known GNU utilities and tool chain, as well as the graphical environment or system services of your choice. ----------------------- That sounds more restricted than "... even if you’re using a different distro underneath!" When you say "Guix System," do/should you really mean _only_ a system specifically running a linux-libre kernel, built with no dependencies outside of GuixSD official sources, and using Shepherd initialization?? E.g., the purism OS has (UIAM) been recognized as free as in RMS's "ryf" but is it compiled entirely using only tools in /gnu/store/... ? Ask them, right? ;-) (BTW, does anyone in the guix community have contact with them? I think they are trying to contribute upstream and do "The Right Thing"(TM)) My point is, if e.g. a bug is caused by something that is different in their kernel image from the one you generate from linux-libre and GuixSD sources, then we will be chasing a bug in their build process, not ours. Sometimes it might be "useful to be able to make that distinction" no? :) (kernel image is just an example, likewise for initrd's or anything that runs that was not derived from official guix/GuixSD sources). BTW, Is it safe to do "guix system reconfigure" naively, "... even if you’re using a different distro underneath!" ?? I am afraid to try it :) -- Regards, Bengt Richter PS. I think it would be useful if there were a LD_IMPURE_REFERENCE_LOG="path/to/logfile.txt" in an easy-to-edit place that, if present, would cause the ld wrapper to append to log what it finds (even if otherwise ignoring impure refs) WDYT?