GNU bug report logs - #50960
[PATCH 00/10] Add 'guix shell' to subsume 'guix environment'

Previous Next

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Sat, 2 Oct 2021 10:22:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #119 received at 50960 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
Cc: 50960 <at> debbugs.gnu.org
Subject: Re: bug#50960: [PATCH 00/10] Add 'guix shell' to subsume 'guix
 environment'
Date: Mon, 04 Oct 2021 10:22:54 +0200

Hi,

"pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de> skribis:

> On Sat, Oct 02, 2021 at 03:40:00PM +0200, Ludovic Courtès wrote:
>> "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de> skribis:
>> > On Sat, Oct 02, 2021 at 12:21:16PM +0200, Ludovic Courtès wrote:
>> >> 2. ‘guix shell’, without arguments, loads ‘guix.scm’ or ‘manifest.scm’
>> >>    from the current directory or one of its ancestors.
>> > This however is concerning.  Users will not expect guix to execute
>> > arbitrary code.  Maybe print a suggestion to maybe --file the file
>> > instead.
>> I think it’s fine as long as, as in the case of ‘haunt build’ or ‘make’
>> or ‘git’, it’s properly documented.  Also, ‘guix shell’ unconditionally
>> writes a message.
>
> Let’s say I have downloaded undesirable code to a file
> /home/florian/Downloads/guix.scm and am hacking on source code in
> /home/florian/Downloads/something/ where I run `guix shell`, but
> /home/florian/Downloads/something/ does not in fact contain a
> guix.scm file.  Now I’d have accidentally run the other guix.scm.

Sure, but it’s all under your control; it’s not very different from
someone knowingly running “guix build -f guix.scm” on an untrusted file,
is it?

> Also `make` is typically used without arguments, but a novice `guix
> shell` user might know `guix shell program-a program-b` but is
> surprised when running `guix shell` without arguments in an untrusted
> directory.

We have the advantage that ‘guix shell’ is a new command, so we can
document it from the start as behaving this way without arguments.

WDYT?

Thanks,
Ludo’.
This bug report was last modified 3 years and 210 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.