From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: Security questions around using Guix to package apps Date: Fri, 30 Jun 2017 14:54:14 +0200 Message-ID: <87k23tmya1.fsf@gnu.org> References: <8737alaiub.fsf@santanas.co.za> <20170627142945.GA24687@jasmine.lan> <87bmp5hl2l.fsf@santanas.co.za> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:39825) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dQvRG-0003UA-Pv for help-guix@gnu.org; Fri, 30 Jun 2017 08:54:27 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dQvRC-000556-9r for help-guix@gnu.org; Fri, 30 Jun 2017 08:54:22 -0400 In-Reply-To: <87bmp5hl2l.fsf@santanas.co.za> (Divan Santana's message of "Fri, 30 Jun 2017 11:38:26 +0200") List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: Divan Santana Cc: help-guix@gnu.org Hello Divan, Divan Santana skribis: > If guix is installed on a system and configured to point to substitutes > that the same nonroot user has access to submit and approve packages in, > can that nonroot user on the system gain root. Therefore would one need > to review the submitted packages to avoid the user gaining root. > > (This is talking about guix package manager on a foreign distro like > RedHat) > > I'm guessing it's not possible. Though would be nice to have > feedback from those that are more familiar with it. We owe this design to Eelco Dolstra et al. of Nix. There=E2=80=99s a very = good analysis in this paper: https://nixos.org/~eelco/pubs/secsharing-ase2005-final.pdf Hopefully it answers all your questions and more. If not, come back here. :-) Ludo=E2=80=99.