From: Carlo Zancanaro
Subject: Re: [RFC] A simple draft for channels
Date: Wed, 24 Jan 2018 10:01:02 +1100
Message-ID: <87h8rcyyc1.fsf@zancanaro.id.au>
In-reply-to: <20180123085407.GA29079@thebird.nl>
To: Pjotr Prins
Cc: guix-devel@gnu.org

On Tue, Jan 23 2018, Pjotr Prins wrote:
> How is it a security issue?

If I can authorise any substitute server key that I want, then I can authorise my own server's key. I can then create a malicious substitute that doesn't correspond to the build recipe in Guix. I could inject whatever code I want into this substitute, and have it placed in the store as the output for the derivation. When another user attempts to install the same package into their profile they will then use my malicious substitute (even though they never authorised my server's key).

Carlo
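
A toy model of the argument in the message above, added here as an illustration and not code from Guix or from the thread. The store class, the key names, the derivation name and the `users_may_authorise` switch are all constructed, and HMAC stands in for real substitute signatures.

```python
import hashlib
import hmac

# Constructed signing secrets; HMAC stands in for real public-key signatures.
SECRETS = {"official": b"official-secret", "mallory": b"mallory-secret"}

def sign(key_id, derivation, content):
    msg = "\0".join([derivation, content]).encode()
    return hmac.new(SECRETS[key_id], msg, hashlib.sha256).hexdigest()

class SharedStore:
    """Toy multi-user store: one output slot per derivation, shared by all users."""

    def __init__(self, users_may_authorise):
        self.acl = {"official"}   # store-wide set of trusted substitute keys
        self.users_may_authorise = users_may_authorise
        self.outputs = {}         # derivation -> (content, signing key id)

    def authorise(self, user, key_id):
        if user != "root" and not self.users_may_authorise:
            raise PermissionError(f"{user} may not authorise substitute keys")
        self.acl.add(key_id)

    def install(self, derivation, content, key_id, signature):
        # An output already in the store is reused as-is for every later user.
        if derivation not in self.outputs:
            valid = hmac.compare_digest(signature, sign(key_id, derivation, content))
            if key_id not in self.acl or not valid:
                raise ValueError("substitute not signed by an authorised key")
            self.outputs[derivation] = (content, key_id)
        return self.outputs[derivation]

def scenario(users_may_authorise):
    """Return what a second user, who trusts only 'official', ends up with."""
    store = SharedStore(users_may_authorise)
    drv = "hello.drv"  # constructed derivation name
    try:
        store.authorise("mallory", "mallory")
    except PermissionError:
        pass
    try:
        store.install(drv, "tampered", "mallory", sign("mallory", drv, "tampered"))
    except ValueError:
        pass
    return store.install(drv, "genuine", "official", sign("official", drv, "genuine"))

if __name__ == "__main__":
    print("any user may authorise: ", scenario(True))
    print("only root may authorise:", scenario(False))
```

The second user's result differs only because of who was allowed to change the store-wide trust set, which is why that decision has to sit with the administrator of the shared store.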