From: "Ludovic Courtès" <ludo@gnu.org>
To: zimoun <zimon.toutoune@gmail.com>
Cc: 41908@debbugs.gnu.org
Subject: bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
Date: Mon, 22 Jun 2020 10:01:29 +0200 [thread overview]
Message-ID: <87zh8v7cme.fsf@gnu.org> (raw)
In-Reply-To: <86mu4ws8ah.fsf@gmail.com> (zimoun's message of "Sun, 21 Jun 2020 18:17:10 +0200")
Hi,
zimoun <zimon.toutoune@gmail.com> skribis:
> On Sat, 20 Jun 2020 at 12:40, Ludovic Courtès <ludo@gnu.org> wrote:
>> zimoun <zimon.toutoune@gmail.com> skribis:
>
>>> BTW, from a security perspective, it is easy to cheat by removing some
>>> commits so the file ~/.cache/guix/authentication/channels/guix should be
>>> protected: read-only and only writable by the daemon.
>>
>> It’s 600 of course. What we could do is ignore it if it’s not 600 when
>> we open it.
>
> This could help. :-)
Done in 41939c374a3ef421d2d4c6453c327a9cd7af4ce5.
>> Crucially: we cannot and should not restrict what the user can do for
>> the sake of security. Users can pass ‘--disable-authentication’, they
>> can run binaries taken from the net, whatever; it’s their machine.
>
> Well, I have not thought deeply to an attack, but the point is to
> protect the user when they runs "guix pull" alone i.e., they can trust
> the server. An attack could be for example an email with an attachment,
> click, then boum: tweak ~/.config/guix/channels.scm and
> ~/.cache/guix/authentication/channels/guix, then the user runs "guix
> pull" which the expectation that everything is checked and
> authenticated and in fact no, they is talking to malicious server.
I don’t really see how the attachment would modify a local file, but
even if that’s a possibility, it’s beyond the scope of Guix: we cannot
prevent users from shooting themselves in the foot.
Ludo’.
next prev parent reply other threads:[~2020-06-22 8:02 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-17 9:27 bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix' Jan Nieuwenhuizen
2020-06-18 22:29 ` zimoun
2020-06-18 23:02 ` zimoun
2020-06-19 21:17 ` Ludovic Courtès
2020-06-19 23:22 ` zimoun
2020-06-20 10:40 ` Ludovic Courtès
2020-06-21 16:17 ` zimoun
2020-06-22 8:01 ` Ludovic Courtès [this message]
2020-06-20 13:58 ` Marius Bakke
2020-06-21 15:43 ` Ludovic Courtès
2020-06-21 16:18 ` zimoun
2020-06-22 8:54 ` zimoun
2020-06-23 7:35 ` Ludovic Courtès
2020-06-23 8:42 ` zimoun
2020-06-23 8:53 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zh8v7cme.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=41908@debbugs.gnu.org \
--cc=zimon.toutoune@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).