unofficial mirror of guix-patches@gnu.org 
* [bug#59383] [PATCH] doc: Call out potential for downgrade attacks with time-machine.
@ 2022-11-19 12:09 pelzflorian (Florian Pelz)
  2022-11-19 13:37 ` Tobias Geerinckx-Rice via Guix-patches via
  0 siblings, 1 reply; 6+ messages in thread
From: pelzflorian (Florian Pelz) @ 2022-11-19 12:09 UTC (permalink / raw)
  To: 59383

* doc/guix.texi (Invoking guix time-machine): Add a note.
---
 doc/guix.texi | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index eaecfd0daa..c29db13be6 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -60,7 +60,7 @@
 Copyright @copyright{} 2018 Mike Gerwitz@*
 Copyright @copyright{} 2018 Pierre-Antoine Rouby@*
 Copyright @copyright{} 2018, 2019 Gábor Boskovits@*
-Copyright @copyright{} 2018, 2019, 2020 Florian Pelz@*
+Copyright @copyright{} 2018, 2019, 2020, 2022 Florian Pelz@*
 Copyright @copyright{} 2018 Laura Lazzati@*
 Copyright @copyright{} 2018 Alex Vong@*
 Copyright @copyright{} 2019 Josh Holland@*
@@ -4834,6 +4834,13 @@ Invoking guix time-machine
 large number of packages; the result is cached though and subsequent
 commands targeting the same commit are almost instantaneous.
 
+@quotation Note
+Naturally, no security fixes can be provided for old versions of Guix
+or its channels.  This also means that careless use of @command{guix
+time-machine} opens the door to downgrade attacks.
+@xref{Invoking guix pull, @option{--allow-downgrades}}.
+@end quotation
+
 The general syntax is:
 
 @example
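Review bot: the note warns that careless use of @command{guix time-machine} "opens the door to downgrade attacks" without saying what the attack is or how it differs from an ordinary downgrade, and then cross-references @option{--allow-downgrades} without saying how a @command{guix pull} option relates to a command whose purpose is to target an arbitrary past commit. Either state the scenario in one sentence (a user is persuaded to pin an old revision that lacks later security fixes), or use a less loaded phrase such as "exposes you to known security vulnerabilities", and make the link to the xref explicit, for example "the same considerations as for @option{--allow-downgrades} apply". Also consider placing the @xref inside the sentence it supports rather than as a bare trailing reference, so the note does not end on the word "attacks".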

base-commit: 7502af793172714b2b322c21ba2379c698108ef2
-- 
2.38.0






* [bug#59383] [PATCH] doc: Call out potential for downgrade attacks with time-machine.
  2022-11-19 12:09 [bug#59383] [PATCH] doc: Call out potential for downgrade attacks with time-machine pelzflorian (Florian Pelz)
@ 2022-11-19 13:37 ` Tobias Geerinckx-Rice via Guix-patches via
  2022-11-19 17:39   ` pelzflorian (Florian Pelz)
  0 siblings, 1 reply; 6+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches via @ 2022-11-19 13:37 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz); +Cc: 59383


Hi Florian,

and thanks for the patch.

pelzflorian (Florian Pelz) wrote:
> +@quotation Note
> +Naturally, no security fixes can be provided for old versions of Guix
> +or its channels.  This also means that careless use of @command{guix
> +time-machine} opens the door to downgrade attacks.
> +@xref{Invoking guix pull, @option{--allow-downgrades}}.
> +@end quotation

‘Attack’ is a very big word.  It should not end a paragraph.  What 
would the downgrade attack—distinct from a downgrade—look like?

Kind regards,

T G-R



* [bug#59383] [PATCH] doc: Call out potential for downgrade attacks with time-machine.
  2022-11-19 13:37 ` Tobias Geerinckx-Rice via Guix-patches via
@ 2022-11-19 17:39   ` pelzflorian (Florian Pelz)
  2022-11-21 11:19     ` zimoun
  0 siblings, 1 reply; 6+ messages in thread
From: pelzflorian (Florian Pelz) @ 2022-11-19 17:39 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: 59383

Hi Tobias, thanks for your thoughts.

Tobias Geerinckx-Rice <me@tobias.gr> writes:
> pelzflorian (Florian Pelz) wrote:
>> @quotation Note
>> Naturally, no security fixes can be provided for old versions of Guix
>> or its channels.  This also means that careless use of @command{guix
>> time-machine} opens the door to downgrade attacks.
>> @xref{Invoking guix pull, @option{--allow-downgrades}}.
>> @end quotation
> ‘Attack’ is a very big word.  It should not end a paragraph.  What
> would the downgrade attack—distinct from a downgrade—look like?

My choice of words was the same as in the unattended upgrades service,
but perhaps I should add before the @xref:

Suggestions to ``just use the time machine'' could be attempts to trick
people into using old software.  But they can also get you back to a
working state.

Regards,
Florian
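The check the thread keeps pointing at, as an added example that is not part of the patch or of Guix's own code: @command{guix pull} accepts a channel update only when the new commit is a descendant of the one currently in use (a fast-forward), and @option{--allow-downgrades} overrides that refusal. The Python below models that decision over a constructed commit graph (ids, function names and the graph itself are made up for the example) and adds the question Florian's scenario raises for @command{guix time-machine}, which by design runs arbitrary past revisions and so gets no fast-forward protection: before following a "just use the time machine" suggestion, find out where the pinned commit sits relative to the Guix you run now.

```python
"""Downgrade detection on a channel's commit graph.

Added example for this thread, not code from the patch or from Guix.  The
commit graph below is constructed for the example; guix pull walks the real
Git history of the channel before deciding whether to apply an update.
"""
from collections import deque
from typing import Dict, Set, Tuple

# Constructed history, child -> parents.  Commit ids are made up.
#   a1 - b2 - c3 - d4 - f6
#          \-------- e5 -/       (e5 branched off before c3, merged in f6)
#   z9                           (unrelated history, e.g. a replaced repo)
COMMITS: Dict[str, Tuple[str, ...]] = {
    "a1": (),
    "b2": ("a1",),
    "c3": ("b2",),
    "d4": ("c3",),
    "e5": ("b2",),
    "f6": ("d4", "e5"),
    "z9": (),
}


def ancestors(graph: Dict[str, Tuple[str, ...]], commit: str) -> Set[str]:
    """Return `commit` together with every commit reachable via parent links."""
    seen: Set[str] = set()
    work = deque([commit])
    while work:
        c = work.popleft()
        if c in seen:
            continue
        seen.add(c)
        work.extend(graph[c])
    return seen


def is_descendant(graph: Dict[str, Tuple[str, ...]], new: str, old: str) -> bool:
    """True when moving from `old` to `new` is a fast-forward: `old` is `new`
    itself or one of its ancestors."""
    return old in ancestors(graph, new)


def check_update(graph: Dict[str, Tuple[str, ...]], current: str, target: str,
                 allow_downgrades: bool = False) -> Tuple[bool, str]:
    """Decision guix pull makes for one channel: accept fast-forward updates,
    refuse anything else unless --allow-downgrades was given.

    Returns (accepted, reason).  Refusal covers a plain downgrade (target is
    older than current) as well as a jump to divergent or unrelated history,
    which is how a replayed or replaced channel repository shows up."""
    if current not in graph or target not in graph:
        raise KeyError("unknown commit")
    if is_descendant(graph, target, current):
        return True, f"fast-forward update from {current} to {target}"
    if allow_downgrades:
        return True, (f"update to {target} is not a descendant of {current}; "
                      f"allowed by --allow-downgrades")
    return False, f"aborting update to {target}, which is not a descendant of {current}"


def classify_pinned_commit(graph: Dict[str, Tuple[str, ...]], current: str,
                           pinned: str) -> str:
    """Where a commit someone asks you to pin with `guix time-machine --commit`
    sits relative to the Guix you currently run.  time-machine exists to run
    arbitrary past revisions, so the fast-forward rule above is not what
    protects you there; "older" means every security fix between `pinned` and
    `current` is absent from what you are about to run."""
    if pinned == current:
        return "current"
    if pinned in ancestors(graph, current):
        return "older"
    if current in ancestors(graph, pinned):
        return "newer"
    if ancestors(graph, current) & ancestors(graph, pinned):
        return "divergent"
    return "unrelated"


if __name__ == "__main__":
    for target in ("d4", "f6", "b2", "e5", "z9"):
        print(check_update(COMMITS, "c3", target))
    for pinned in ("b2", "d4", "e5", "z9"):
        print(pinned, classify_pinned_commit(COMMITS, "c3", pinned))
```

With `c3` as the current commit, `d4` and the merge `f6` are accepted as fast-forwards, while `b2` (older), `e5` (divergent) and `z9` (unrelated) are all refused with the same kind of message unless the override is given; the refusal is deliberately not limited to "older", since a repository that has been reset or replaced looks like divergent or unrelated history rather than a strict ancestor.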





* [bug#59383] [PATCH] doc: Call out potential for downgrade attacks with time-machine.
  2022-11-19 17:39   ` pelzflorian (Florian Pelz)
@ 2022-11-21 11:19     ` zimoun
  2022-11-22  7:58       ` Ludovic Courtès
  0 siblings, 1 reply; 6+ messages in thread
From: zimoun @ 2022-11-21 11:19 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz), Tobias Geerinckx-Rice; +Cc: 59383

Hi,

On Sat, 19 Nov 2022 at 18:39, "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> wrote:

>>> @quotation Note
>>> Naturally, no security fixes can be provided for old versions of Guix
>>> or its channels.  This also means that careless use of @command{guix
>>> time-machine} opens the door to downgrade attacks.
>>> @xref{Invoking guix pull, @option{--allow-downgrades}}.
>>> @end quotation
>>
>> ‘Attack’ is a very big word.  It should not end a paragraph.  What
>> would the downgrade attack—distinct from a downgrade—look like?

Why not something like,

--8<---------------cut here---------------start------------->8---
@quotation Note
The history of Guix is immutable and @command{guix time-machine}
provides the exact same software as it is in a specific Guix
revision.  Naturally, no security fixes are provided for old versions
of Guix or its channels.  A careless use of @command{guix time-machine}
opens the door to security vulnerabilities @xref{Invoking guix pull,
@option{--allow-downgrades}}.
@end quotation
--8<---------------cut here---------------end--------------->8---

?

Cheers,
simon





* [bug#59383] [PATCH] doc: Call out potential for downgrade attacks with time-machine.
  2022-11-21 11:19     ` zimoun
@ 2022-11-22  7:58       ` Ludovic Courtès
  2022-11-22 14:47         ` bug#59383: " pelzflorian (Florian Pelz)
  0 siblings, 1 reply; 6+ messages in thread
From: Ludovic Courtès @ 2022-11-22  7:58 UTC (permalink / raw)
  To: zimoun; +Cc: Tobias Geerinckx-Rice, pelzflorian (Florian Pelz), 59383

Hi,

zimoun <zimon.toutoune@gmail.com> writes:

> @quotation Note
> The history of Guix is immutable and @command{guix time-machine}
> provides the exact same software as it is in a specific Guix
> revision.  Naturally, no security fixes are provided for old versions
> of Guix or its channels.  A careless use of @command{guix time-machine}
> opens the door to security vulnerabilities @xref{Invoking guix pull,
> @option{--allow-downgrades}}.
> @end quotation

I like that wording.  Florian, WDYT?

Ludo’.





* bug#59383: [PATCH] doc: Call out potential for downgrade attacks with time-machine.
  2022-11-22  7:58       ` Ludovic Courtès
@ 2022-11-22 14:47         ` pelzflorian (Florian Pelz)
  0 siblings, 0 replies; 6+ messages in thread
From: pelzflorian (Florian Pelz) @ 2022-11-22 14:47 UTC (permalink / raw)
  To: 59383-done; +Cc: Ludovic Courtès, Tobias Geerinckx-Rice, zimoun

zimoun’s wording is good; less alarmist.  I used his words (with a
period before @xref, no French spacing, a less alarmist commit
message and a Co-authored-by line).  Pushed as
b8d4c323f5d089dd800b358143d5bae26c965404.  Closing.

Regards,
Florian






Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git
