From: Danny Milosavljevic
Subject: Re: server and client in one package -> security issue (was: Add murmur)
Date: Tue, 14 Feb 2017 10:16:51 +0100
Message-ID: <20170214101651.068fb59a@scratchpost.org>
In-Reply-To: <96fa2c02-f5da-d4f5-6074-04b29f5376fb@crazy-compilers.com>
References: <20170201204312.3005-1-contact.ng0@cryptolab.net> <87mvdvxq9v.fsf@gnu.org> <20170209182030.ngn2dsdfbzsmymdj@wasp> <87efz7asit.fsf@gnu.org> <96fa2c02-f5da-d4f5-6074-04b29f5376fb@crazy-compilers.com>
To: Hartmut Goebel
Cc: guix-devel@gnu.org

Hi,

I think the argument that things that don't exist can't be abused is a good one. However, a regular user can install it anyway. I don't remember when I last ran "guix package -i" as root. I just run it using my regular user account. So to separate the outputs adds just a minuscule step.

In the end, there's a trade-off to be made. Either we trust users to develop, too, or not. Obviously they can use it for good or bad, then.
I myself am a free software hacker and I'd prefer if systems automatically had the development stuff installed so others can be free software hackers, too. And an experienced hacker doesn't need header files either. I made up some of my own just searching Google - it's not difficult and takes about 30 min at most.

If we want hardened critical production systems, I agree they should only contain absolutely required files, with programs as simple as one can get them, use SELinux and hardened gcc, and someone should have reviewed the base libraries and any other stuff that runs (basically until a reasonable confidence level is reached). I don't think Guix should do that, though. IMO locking down everything for users is basically the antithesis of the FSF.