unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#41425] [PATCH 0/5] Have 'guix pull' protect against downgrade attacks
@ 2020-05-20 21:38 Ludovic Courtès
  2020-05-20 21:47 ` [bug#41425] [PATCH 1/5] git: Add 'commit-relation' Ludovic Courtès
                   ` (2 more replies)
  0 siblings, 3 replies; 12+ messages in thread
From: Ludovic Courtès @ 2020-05-20 21:38 UTC (permalink / raw)
  To: 41425; +Cc: Ludovic Courtès

Hello!

This patch series aims to protect against “downgrade attacks”, whereby
a “guix pull” command would in fact deploy an older or an unrelated
revision of Guix, potentially leading you to install vulnerable or
malicious software.

By default ‘guix pull’ would now error out if the target commit of a
channel is not a descendant of the currently-used commit, according to
the commit graph.  There’s an option to bypass that.  ‘guix
time-machine’ behavior is unchanged though: it never complains.

This is generally useful and it’s a requirement for authenticated
checkouts as discussed in <https://issues.guix.gnu.org/22883>,
otherwise one could easily escape the intended authentication scheme
by branching and providing a different ‘.guix-authorizations’ file.

Feedback welcome!

Ludo’.

Ludovic Courtès (5):
  git: Add 'commit-relation'.
  channels: 'latest-channel-instances' doesn't leak internal state.
  git: 'update-cached-checkout' returns the commit relation.
  channels: 'latest-channel-instances' guards against non-forward
    updates.
  pull: Protect against downgrade attacks.

 doc/guix.texi         |  15 ++++
 guix/channels.scm     | 156 ++++++++++++++++++++++++++++++------------
 guix/git.scm          |  37 ++++++++--
 guix/import/opam.scm  |   2 +-
 guix/scripts/pull.scm |  35 +++++++++-
 tests/channels.scm    |  47 +++++++++++--
 tests/git.scm         |  42 +++++++++++-
 7 files changed, 276 insertions(+), 58 deletions(-)

-- 
2.26.2





^ permalink raw reply	[flat|nested] 12+ messages in thread

end of thread, other threads:[~2020-05-28  8:07 UTC | newest]

Thread overview: 12+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-05-20 21:38 [bug#41425] [PATCH 0/5] Have 'guix pull' protect against downgrade attacks Ludovic Courtès
2020-05-20 21:47 ` [bug#41425] [PATCH 1/5] git: Add 'commit-relation' Ludovic Courtès
2020-05-20 21:47   ` [bug#41425] [PATCH 2/5] channels: 'latest-channel-instances' doesn't leak internal state Ludovic Courtès
2020-05-20 21:47   ` [bug#41425] [PATCH 3/5] git: 'update-cached-checkout' returns the commit relation Ludovic Courtès
2020-05-20 21:47   ` [bug#41425] [PATCH 4/5] channels: 'latest-channel-instances' guards against non-forward updates Ludovic Courtès
2020-05-20 21:47   ` [bug#41425] [PATCH 5/5] pull: Protect against downgrade attacks Ludovic Courtès
2020-05-21 14:06 ` [bug#41425] [PATCH 0/5] Have 'guix pull' protect " zimoun
2020-05-22 13:55   ` Ludovic Courtès
2020-05-25 14:36     ` zimoun
2020-05-27 16:32       ` Ludovic Courtès
2020-05-28  8:06         ` zimoun
2020-05-24 22:02 ` bug#41425: " Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).