From: Andy Wingo
Subject: Re: server and client in one package -> security issue
Date: Tue, 14 Feb 2017 12:19:09 +0100
References: <20170201204312.3005-1-contact.ng0@cryptolab.net> <87mvdvxq9v.fsf@gnu.org> <20170209182030.ngn2dsdfbzsmymdj@wasp> <87efz7asit.fsf@gnu.org> <96fa2c02-f5da-d4f5-6074-04b29f5376fb@crazy-compilers.com> <87o9y6dvrf.fsf@gnu.org> <58A2DBD0.80905@crazy-compilers.com>
In-Reply-To: <58A2DBD0.80905@crazy-compilers.com> (Hartmut Goebel's message of "Tue, 14 Feb 2017 11:28:32 +0100")
List-Id: "Development of GNU Guix and the GNU System distribution."
To: Hartmut Goebel
Cc: guix-devel@gnu.org

On Tue 14 Feb 2017 11:28, Hartmut Goebel writes:

> On 13.02.2017 at 15:13, Ludovic Courtès wrote:
>> Now, back to the “only install the required software”, I wouldn’t go as
>> far as you do. I generally agree with the rule, but I’m skeptical as to
>> what this buys you from a security perspective: users can always install
>> whatever they want by hand anyway, and do you have an idea as to how
>> much code they install via their browser?
>
> Looks like we are talking about different systems. I'm talking about
> hardened systems, esp. servers, where users are not allowed to install
> additional software – not even browser add-on.

If the user has no access to the Guix store and daemon, so they can't
even "guix package --install foo", then you're operating on effectively
a snapshot of the store, right? So perhaps you want a facility that
when exporting this store snapshot can remove some subset of files, like
for example the include/ tree on all store directories.

But because this is just a snapshot/export of the store, it doesn't
seem necessary to actually change any particular Guix package to reach
your goal, as far as I understand things anyway.

Andy
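
Added example (not part of this message and not Guix code): a sketch of the export-time pruning suggested above, applied to a plain directory copy of the store rather than to the live store. The function names, the directory-copy layout and the sample item names are assumptions made for illustration.

```python
import os
import re
import shutil
import tempfile

# Assumption: store items are named "<32-char hash>-<name>", as under /gnu/store.
STORE_ITEM = re.compile(r"^[0-9a-z]{32}-.+$")


def prune_snapshot(snapshot_root, subtrees=("include",), dry_run=True):
    """Remove the named top-level subtrees from every store item in a
    *copy* of the store. Returns the sorted relative paths selected."""
    selected = []
    for item in sorted(os.listdir(snapshot_root)):
        item_path = os.path.join(snapshot_root, item)
        # Skip anything that is not a real store-item directory.
        if not STORE_ITEM.match(item) or os.path.islink(item_path) \
                or not os.path.isdir(item_path):
            continue
        for sub in subtrees:
            target = os.path.join(item_path, sub)
            # Only a real directory directly under the item; a symlink
            # would point into another item and is left alone.
            if os.path.isdir(target) and not os.path.islink(target):
                selected.append(os.path.join(item, sub))
                if not dry_run:
                    shutil.rmtree(target)
    return selected


def build_sample_snapshot():
    """Constructed sample: two fake store items plus a stray directory."""
    root = tempfile.mkdtemp(prefix="store-snapshot-")
    h1, h2 = "a" * 32, "b" * 32
    for rel in (f"{h1}-libfoo-1.0/include/foo.h",
                f"{h1}-libfoo-1.0/lib/libfoo.so",
                f"{h2}-server-2.0/bin/server",
                f"{h2}-server-2.0/share/doc/include/notes.txt",
                "not-a-store-item/include/x.h"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
    return root


if __name__ == "__main__":
    snap = build_sample_snapshot()
    print("would remove:", prune_snapshot(snap))
    print("removed:", prune_snapshot(snap, dry_run=False))
    shutil.rmtree(snap)
```

The dry run lists what would be dropped before anything is deleted; nested directories that merely happen to be called `include` deeper inside an item are kept.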