unofficial mirror of help-guix@gnu.org 
* Security questions around using Guix to package apps
@ 2017-06-27  9:19 Divan Santana
  2017-06-27 14:29 ` Leo Famulari
  0 siblings, 1 reply; 5+ messages in thread
From: Divan Santana @ 2017-06-27  9:19 UTC (permalink / raw)
  To: help-guix

Hi All,

Firstly, love the work the Guix community is doing and hoping to start
using it more.

I don't know too much about Guix but we are considering using it and
switching from the typical RPM/yum solution we have implemented in our
large corporation here.

* Our problem

So our team manages a few thousand Linux systems for customers.

We don't allow full root access for the customers/users of the systems.

Though the customers/users require to ship applications. They normally do this
with something like RPMs and a yum repository.

The problem with this is:
1. yum/rpm requires root to install/upgrade/remove packages.
2. One can ship certain files in an RPM, install it via yum, and gain full root.
3. One can therefore use the RPMs/yum to gain full root.

* Consider Guix as a solution

The question is if Guix could solve the above?

I know it doesn't require root so that solves problem 1.

Though I think 2 is still a problem. Is it?

* Getting to the actual question
Therefore can one ship files in a guix package and as nonroot install this
package. Then use the files the package provided as a nonroot user to gain root?

Or written another way, if guix is installed on a system and configured to point
to substitutes that the same nonroot user has access to submit and approve
packages in, can that nonroot user on the system gain root? Therefore would one
need to review the submitted packages to avoid the user gaining root?

** Some theoretical examples of doing this

1.
One example to do this would be to create a shell script with =sudo su -= (or
similar problematic) contents then byte compile it and ship that in the
application with setuid permission bit set on it?

If this was possible with Guix, putting =/gnu= on its own FS with mount option
of =setuid=0= should solve this.

2.
Ship a sudo file and install it in =/etc/sudoers.d= though I'm not sure if
that's possible with Guix since it's kind of in its own chroot. Unless it
supports a post-scripts section and that gets executed as root (doubt it).

Hope the above makes sense.

Greetings from South Africa
--
Divan Santana


Thread overview: 5+ messages
2017-06-27  9:19 Security questions around using Guix to package apps Divan Santana
2017-06-27 14:29 ` Leo Famulari
2017-06-30  9:38   ` Divan Santana
2017-06-30 12:54     ` Ludovic Courtès
2017-06-30 13:22       ` Divan Santana
