GNU bug report logs -
#41908
guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
Previous Next
Full log
Message #39 received at 41908 <at> debbugs.gnu.org (full text, mbox):
Hi,
zimoun <zimon.toutoune <at> gmail.com> skribis:
> On Sat, 20 Jun 2020 at 12:40, Ludovic Courtès <ludo <at> gnu.org> wrote:
>> zimoun <zimon.toutoune <at> gmail.com> skribis:
>
>>> BTW, from a security perspective, it is easy to cheat by removing some
>>> commits so the file ~/.cache/guix/authentication/channels/guix should be
>>> protected: read-only and only writable by the daemon.
>>
>> It’s 600 of course. What we could do is ignore it if it’s not 600 when
>> we open it.
>
> This could help. :-)
Done in 41939c374a3ef421d2d4c6453c327a9cd7af4ce5.
>> Crucially: we cannot and should not restrict what the user can do for
>> the sake of security. Users can pass ‘--disable-authentication’, they
>> can run binaries taken from the net, whatever; it’s their machine.
>
> Well, I have not thought deeply to an attack, but the point is to
> protect the user when they runs "guix pull" alone i.e., they can trust
> the server. An attack could be for example an email with an attachment,
> click, then boum: tweak ~/.config/guix/channels.scm and
> ~/.cache/guix/authentication/channels/guix, then the user runs "guix
> pull" which the expectation that everything is checked and
> authenticated and in fact no, they is talking to malicious server.
I don’t really see how the attachment would modify a local file, but
even if that’s a possibility, it’s beyond the scope of Guix: we cannot
prevent users from shooting themselves in the foot.
Ludo’.
This bug report was last modified 5 years and 53 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.