From: zimoun
Date: Mon, 22 Mar 2021 19:16:40 +0100
Subject: Re: Getting started with GWL 0.3.0
To: Konrad Hinsen
Cc: gwl-devel@gnu.org

Hi,

On Mon, 22 Mar 2021 at 16:07, Konrad Hinsen wrote:
> zimoun writes:
> The vulnerability level is the same, but a typical user's expectations
> are not. When I run a script via "guix repl", it is perfectly obvious to
> me that that script is not part of Guix. When I run the command "foo",
> it is also perfectly obvious to me that "foo" is not part of Guix. But
> "guix workflow" looks as if it were part of Guix.
>
> Guix users need a significant level of trust in Guix and its developers
> in order to use Guix. Attackers could exploit this trust by tricking
> users into adding malicious code (via a channel, for example) that takes
> the form of a Guix extension. People do run downloaded bash scripts
> with root permissions, after all (e.g. for installing Guix ;-).
>
> > And if you worry, I guess you can run GWL in a container, something like;
> >
> >   guix environment -C --ad-hoc gwl -- guix workflow
>
> Sure, but that's not the issue. The issue is being aware that I have no
> particular reason to trust "guix workflow" as much as I trust "guix
> package".

[...]

> Imagine a package "bitcoin-utils" that installs, among lots of other
> stuff, an extension "guix pul" that starts a bitcoin-mining background
> process whenever an unsuspecting user mistypes a frequent Guix command.

Well, I understand your concerns but I am not convinced to share them.
IIUC, you are saying that "git annex" or "git lfs" which are extensions
to Git are a security issue because if any malware-package provides a
"git-pul" malware, then a user typing "git pul" with a typo can have a
bad surprise.

But at first, you need to trust a channel providing this
malware-package, then second you need to install this malware-package
and third make the typo.

And what about "guxi pull" where the typo is not on the subcommand but
on the command itself?

To me, being handy beats the concern. :-) It is the responsibility of
the user to know what they are installing and running on their own
machine.

Cheers,
simon
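
The "guix pul" / "git pul" scenario discussed in this thread can be checked for mechanically. The following is an added example, not part of the original message and not code from Guix or the GWL: it flags extension-provided subcommand names that sit within one typo (including a swap of adjacent letters, as in "guxi") of a built-in subcommand. The command lists are constructed samples and the function names are hypothetical.

```python
"""Flag extension subcommands that are one typo away from a core subcommand."""

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each at cost 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]


def lookalike_extensions(core, extensions, max_distance=1):
    """Return sorted (extension, core_command, distance) tuples for every
    extension name that shadows or nearly matches a core command."""
    findings = []
    for ext in extensions:
        for cmd in core:
            dist = osa_distance(ext, cmd)
            if dist <= max_distance:
                findings.append((ext, cmd, dist))
    return sorted(findings)


# Constructed sample data: a few core subcommand names, and the subcommands
# contributed by installed extensions ("pul" is the hypothetical one from the
# thread, "workflow" is the GWL, "isntall" is an extra constructed case).
CORE = ["pull", "package", "build", "install", "environment", "repl"]
EXTENSIONS = ["workflow", "pul", "isntall"]

if __name__ == "__main__":
    for ext, cmd, dist in lookalike_extensions(CORE, EXTENSIONS):
        print(f"extension '{ext}' is {dist} edit(s) from core '{cmd}'")
```

A distance of 0 would mean an extension shadows a core command outright; the legitimate "workflow" extension is not flagged because it is far from every core name.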