From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id MJmHJyz4I2ADTAAA0tVLHw (envelope-from ) for ; Wed, 10 Feb 2021 15:13:48 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id uKJ3Iyz4I2BTPQAA1q6Kng (envelope-from ) for ; Wed, 10 Feb 2021 15:13:48 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 9C68D940439 for ; Wed, 10 Feb 2021 15:13:47 +0000 (UTC) Received: from localhost ([::1]:36002 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1l9rBa-0005gM-FN for larch@yhetil.org; Wed, 10 Feb 2021 10:13:46 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:50532) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1l9rBI-0005Ok-NG for guix-devel@gnu.org; Wed, 10 Feb 2021 10:13:28 -0500 Received: from flashner.co.il ([178.62.234.194]:55184) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1l9rBH-0001tG-0n for guix-devel@gnu.org; Wed, 10 Feb 2021 10:13:28 -0500 Received: from localhost (unknown [31.210.181.184]) by flashner.co.il (Postfix) with ESMTPSA id 58E4640224; Wed, 10 Feb 2021 15:13:25 +0000 (UTC) Date: Wed, 10 Feb 2021 17:12:48 +0200 From: Efraim Flashner To: Christopher Baines Subject: Re: Mitigating "dependency confusion" attacks on Guix users Message-ID: References: <461926c3d053474dd7196c9ed8f59a45b8c9c82f@hey.com> <871rdobbt0.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="+lgRaoC/5E29ZduJ" Content-Disposition: inline In-Reply-To: <871rdobbt0.fsf@cbaines.net> X-PGP-Key-ID: 0x41AAE7DCCA3D8351 X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc X-PGP-Fingerprint: A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Received-SPF: pass client-ip=178.62.234.194; envelope-from=efraim@flashner.co.il; helo=flashner.co.il X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org, Ryan Prior Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -3.96 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 9C68D940439 X-Spam-Score: -3.96 X-Migadu-Scanner: scn1.migadu.com X-TUID: J5shFPfTajIy --+lgRaoC/5E29ZduJ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Feb 10, 2021 at 07:51:23AM +0000, Christopher Baines wrote: >=20 > Ryan Prior writes: >=20 > > However, I'm still thinking about how to attack Guix users. Somebody who > > adds an internal channel for their own packages could still be > > vulnerable to a dependency confusion attack via a compromised or > > manipulated Guix maintainer. The target of the attack could install > > packages they believed would be provided by their internal channel but > > actually get another package provided upstream. > > > > The degree of vulnerability increases further with each channel used, > > with each channel maintainer becoming another potential vector of > > compromise. How can we make this kind of attack even more difficult? > > > > What comes to my mind is that we should encourage (require?) people to > > specify the channel name a package belongs to, if it's not the "guix" > > channel. So instead of referring to "python-beautifulsoup4" (ambiguous: > > is this from my channel or upstream Guix?) we say that "python- > > beautifulsoup4" always means that package from the "guix" channel and a > > version provided by my channel called "internal" needs to be called for > > explicitly, like "@internal/python-beautifulsoup4". >=20 > I'm not sure you can escape trusting the collection of channels you're > using. Because channels are code that's expected to interact, I'm not > sure it's easy to target a single package from a specific channel, and > expect that this provides some security. A malicious channel could > simply reach out and modify the state in modules from a different > channel, which would circumvent the protection you're suggesting. perhaps with module-set! ? Is that the one that lets you redefine a package in a different module, from, say, your os-config? --=20 Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7=9D = =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --+lgRaoC/5E29ZduJ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmAj9+0ACgkQQarn3Mo9 g1HAQA//alCunICva5kFGQ6Dy/FODGwD12Dvog945KYbaBJ/E1W1HfdzV27uWfDR 8QUONVMeXjDSYvmJFFT22B3Rv0C53mtly/AzGD+NowTswxxX/B86Yk8wZxqM/hst dAuIuI+zyY04Urb5YLeEyRg5kyN0Lz6g4239EkmpchXh4ElICyhquqnYlyxnnkne g1LKPruKwnu8/L0/YTulaBTsPA/zPz8ZwnmmG7WuGKqUSwnLkxKkMdgkK/VrYtbe IOQWji/7sNhFJ0RtpTcCIoeyM7K7Kqi9Y8a8FId2sZ4n/r0/P1zOcw6wYELCdhN2 HIjyjcSDxwacHQ1fH6tTZfXpwkCr+B/+W+FxMWNj3VXRscJq7innkp1l9/bpIq+r 6A5lWpVdxDDNkTDJ3SxatDE8mTi3vLZADUrDowAKn62mVRBlvTH6r0ytGTVbhNe8 rRlE9DCwqGAs5rlW/+w2SjJJtmCP+jDe1r+7+u5pPTFc5tkr+q0QQgBWneMn0JLB JTm4nxsLNUCcWS3bg5X7Wz+nPVfZp6FRzcqPDm2FJOmY34D5ap/+TgiYE0cwyBEj zr1z2A7VWV/V+0EnkTc8GmV+W6G65l/DOQng5rtlP5Sbz9AMIqYEY+QSPAi9NOKC AXRLXq+aLPyebL0mEwA7qqGE+PSwXFxySVuDXnM9Z9TqqNJEmJE= =Av1u -----END PGP SIGNATURE----- --+lgRaoC/5E29ZduJ--