From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id mE8jBOyyWGA7EAAA0tVLHw (envelope-from ) for ; Mon, 22 Mar 2021 15:08:28 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id iDAQAOyyWGCWQAAA1q6Kng (envelope-from ) for ; Mon, 22 Mar 2021 15:08:28 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7F5DAEE01 for ; Mon, 22 Mar 2021 16:08:26 +0100 (CET) Received: from localhost ([::1]:51610 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lOMAL-0003Fo-8J for larch@yhetil.org; Mon, 22 Mar 2021 11:08:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55218) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lOM9s-0002UD-2Z for gwl-devel@gnu.org; Mon, 22 Mar 2021 11:07:56 -0400 Received: from wout1-smtp.messagingengine.com ([64.147.123.24]:46803) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lOM9i-0001y2-SV for gwl-devel@gnu.org; Mon, 22 Mar 2021 11:07:55 -0400 Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id 2FEBA1725; Mon, 22 Mar 2021 11:07:45 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Mon, 22 Mar 2021 11:07:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.net; h= from:to:cc:subject:in-reply-to:references:date:message-id :mime-version:content-type; s=fm3; bh=JMkiNgSO6JWJ8/ZSQ4RJ+ZagrX 26kXRIo06A8d6T1pI=; b=V2L40NPVL39pjy0TNVFMoEanfjiOnXnpV/tQvDuSWU HG4kk7okAamkR4R83c1ptF2PADyH6QsNpNrnJGnmUDv2W90HV3ZQUFG2nLV+tYhK GiQkB5rPt6YGP2IzKH6tXrOWQujP+zXOSn1nxUVTnEpQ9tvIWMWHeq5q/lVq43hr oyMORk2twuiSJhWDfcSqBc5Ke26xG63Qd4+NVzeWeuQCJEXZTL9lEGFQsIkvV1pS krJMrNuBuCGVFIp27jEj4rqK7NXCVh80nDOxwNjBLGvW7uKRTflENUREti35aVHX 7AVBwgwN0Po4Gb4ZwOiVloId5dI3y2/xgSGpK/eN5r3Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=JMkiNg SO6JWJ8/ZSQ4RJ+ZagrX26kXRIo06A8d6T1pI=; b=mGTk06ezPvEoxk2kxqv49q r92T2F6y2TxGfGY0K19XULndHVIvWLAHG2n1mYP5XLKcFsqJlyd9JY3kckalGTDH z+SJYwtOX2CynsbQE+RAjL43HMZz0PUM9VeFYUVsffapMGuXtTwUjxLz5eynq1Us qD74WtHoOHBj9L5drAK9wY8I7KCUkHukgjTiFZuCXV8kaCqglB6F/2SfGrDJ4Qac 5lx530cwRlvGhHGCLcU/dpVZdL5HDvASrjY1OXGUPyGnsbPooLTgKxxa+xZxmcZ7 f4kbU+9f6gI1kakfJjRmy1zA/u7uMNYXI+Gpugb1fM+IIlNbh5GLrR3eqavTet+Q == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudeggedgjeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffujghffffkgggtsehttdertd dttddtnecuhfhrohhmpefmohhnrhgrugcujfhinhhsvghnuceokhhonhhrrggurdhhihhn shgvnhesfhgrshhtmhgrihhlrdhnvghtqeenucggtffrrghtthgvrhhnpeeikeejjeevue eifeejhedtgeethfdutefgveffhfeuheejveeiieegvdfhtdeifeenucfkphepkeeirddv geejrdegkedrheeknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomhepkhhonhhrrggurdhhihhnshgvnhesfhgrshhtmhgrihhlrdhnvght X-ME-Proxy: Received: from ordinateur-de-catherine--konrad.home (lfbn-idf2-1-840-58.w86-247.abo.wanadoo.fr [86.247.48.58]) by mail.messagingengine.com (Postfix) with ESMTPA id 1DBC224033F; Mon, 22 Mar 2021 11:07:44 -0400 (EDT) From: Konrad Hinsen To: zimoun Subject: Re: Getting started with GWL 0.3.0 In-Reply-To: References: <86y2efzc08.fsf@gmail.com> Date: Mon, 22 Mar 2021 16:07:42 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=64.147.123.24; envelope-from=konrad.hinsen@fastmail.net; helo=wout1-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: gwl-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: gwl-devel@gnu.org Errors-To: gwl-devel-bounces+larch=yhetil.org@gnu.org Sender: "gwl-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1616425707; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=JMkiNgSO6JWJ8/ZSQ4RJ+ZagrX26kXRIo06A8d6T1pI=; b=TfpidHgm5//elyuNVHhid7mofkEkk0vrtqxpRGu/c1gAAFMrQjH+N9kocG6QCjOVfeHzNi C/7PxSk5ev5AkiVl+dhlcTcITZUCAw40nfasKmzdRZvoFzF6vUehea0ucVgu1xWE88gGkk LnboAP1P9K2KNMgF9KwS9veqm8fFfYTMtv/mn8FOqo6ysA+tx1KlkOLNgSwVcN7HDYZN0D WoNq9OTHAa6GTCQ2N9fNdrXebtIDhI0jPHhnA+Sg0uQaf43lbFgZNBah+isCUBPQeMSZvQ wModxsTGG4sI//TFTukU8szxB095L1V07Xok4erkE3JSwBdB6VCeQT0qI6RcGg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1616425707; a=rsa-sha256; cv=none; b=Hna58yKbeKxpnsb/G6u/6dIx/Kn9IY1DKNzSJse8hlETqAO4d3eKVgTfoarRbEAs7uIT4Q 7KejrLTBdRmmfL0fOZzM0uKk0rMPHGXp5BOozzjtvDAoxEiMcS8WS7EJWDW4iAa+Xhl+to YtSwP8xrkOpDErSjS2m6APHbnGg0oNrC8IEFdksBzS5Q4R9TLu/16ENejPxNHWfO+hAoxh ICI5fKWc/PLvWok1py9Xlnn2aIrI2lWoj9k75A4VGVWIi/pTre6XtdXYstpchKHksrXveB jWeEPOymeF2P0NuC7jU/dzJJ6JKkudCHv12bt+GOWJlk15cK95LRxa/nFt+/Nw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=fastmail.net header.s=fm3 header.b=V2L40NPV; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=mGTk06ez; spf=pass (aspmx1.migadu.com: domain of gwl-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=gwl-devel-bounces@gnu.org X-Migadu-Spam-Score: -3.12 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=fastmail.net header.s=fm3 header.b=V2L40NPV; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=mGTk06ez; dmarc=pass (policy=none) header.from=fastmail.net; spf=pass (aspmx1.migadu.com: domain of gwl-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=gwl-devel-bounces@gnu.org X-Migadu-Queue-Id: 7F5DAEE01 X-Spam-Score: -3.12 X-Migadu-Scanner: scn0.migadu.com X-TUID: E1veeX8thdPT zimoun writes: > The user has to explicitly set GUIX_EXTENSIONS_PATH or explicitly > install a package (or a channel, as "guix home"). I do not see where > there is a security flaw, I mean it is the same vulnerability as for > "guix repl -- foo.scm" or as for "guix install foo && foo". The vulnerability level is the same, but a typical user's expectations are not. When I run a script via "guix repl", it is perfectly obvious to me that that script is not part of Guix. When I run the command "foo", it is also perfectly obvious to me that "foo" is not part of Guix. But "guix workflow" looks as if it were part of Guix. Guix users need a significant level of trust in Guix and its developers in order to use Guix. Attackers could exploit this trust by tricking users into adding malicious code (via a channel, for example) that takes the form of a Guix extension. People do run downloaded bash scripts with root permissions, after all (e.g. for installing Guix ;-). > And if you worry, I guess you can run GWL in a container, something like; > > guix environment -C --ad-hoc gwl -- guix workflow Sure, but that's not the issue. The issue is being aware that I have no particular reason to trust "guix workflow" as much as I trust "guix package". Of course GWL is a bad example because its developers are a subset of Guix developers. But the extension mechanism looks open to everyone. Imagine a package "bitcoin-utils" that installs, among lots of other stuff, an extension "guix pul" that starts a bitcoin-mining background process whenever an unsuspecting user mistypes a frequent Guix command. Cheers, Konrad.