GNU bug report logs - #50960
[PATCH 00/10] Add 'guix shell' to subsume 'guix environment'


Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Sat, 2 Oct 2021 10:22:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: Maxime Devos <maximedevos <at> telenet.be>
To: Ludovic Courtès <ludo <at> gnu.org>, Vagrant Cascadian <vagrant <at> debian.org>
Cc: 50960 <at> debbugs.gnu.org
Subject: [bug#50960] [PATCH 00/10] Add 'guix shell' to subsume 'guix environment'
Date: Mon, 04 Oct 2021 19:12:40 +0200
Ludovic Courtès wrote on Mon 04-10-2021 at 10:34 [+0200]:
> Hello!
> 
> Vagrant Cascadian <vagrant <at> debian.org> wrote:
> 
> > On 2021-10-02, Ludovic Courtès wrote:
> 
> [...]
> 
> > >   2. ‘guix shell’, without arguments, loads ‘guix.scm’ or ‘manifest.scm’
> > >      from the current directory or one of its ancestors.
> > 
> > This sounds a little scary to me, just implicitly importing whatever
> > happens to be lying around doesn't sound very guixy...
> 
> Right, it would be the first command that does that.
> 
> I became quite convinced that conventions and, thus, implicit arguments
> can occasionally improve usability.  We use tools that operate this way
> daily: ‘make’, ‘git’, etc.  Dave nicely argued about it:

'git' doesn't run binaries in the repository, unless configured otherwise
(in .git/config I think).  ‘make’ and ‘bundle’ are verbs and are for building
source code, which needs to be checked for backdoors anyway, so those programs
implicitly reading code from the current directory seems acceptable.

"guix sh" seems to be useful outside software development.
E.g. I sometimes do
"guix environment --pure --ad-hoc minetest various-minetest-mods-... -- minetest",
which would become
"guix shell --pure minetest various-minetest-mods-... -- minetest".
I could very easily accidentally press the enter key after typing "shell"
(I write from personal experience), and this could easily happen from within,
say, a ~/Downloads directory with an untrusted guix.scm (e.g. downloaded from
some rando's site to look at later).

Conventions are nice, but loading arbitrary code from the current directory
by default is an exploit waiting to happen.  This situation seems like including "."
in PATH by default to me.

Greetings,
Maxime
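Added example, not part of the original message and not Guix's own code: a sketch of the ancestor lookup described in the quoted proposal, gated by an explicit allowlist of directories so that a stray file under ~/Downloads is reported instead of loaded. The function names, the exact-match allowlist and the order in which the two file names are tried are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# File names taken from the quoted proposal; the lookup order is an assumption.
IMPLICIT_FILES = ("guix.scm", "manifest.scm")


def find_implicit_file(start):
    """Return the first implicit file in `start` or one of its ancestors, else None."""
    here = Path(start).resolve()
    for directory in (here, *here.parents):
        for name in IMPLICIT_FILES:
            candidate = directory / name
            if candidate.is_file():
                return candidate
    return None


def is_trusted(path, trusted_dirs):
    """True only if the file sits directly in an allowlisted directory (exact match)."""
    allowed = {Path(d).resolve() for d in trusted_dirs}
    return path.resolve().parent in allowed


def decide(start, trusted_dirs):
    """Return ("none" | "load" | "refuse", path) for a bare invocation from `start`."""
    found = find_implicit_file(start)
    if found is None:
        return ("none", None)
    return ("load" if is_trusted(found, trusted_dirs) else "refuse", found)


def demo():
    """Constructed layout: an allowlisted project and a Downloads tree with a stray guix.scm."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        project = base / "src" / "project"
        deep = base / "Downloads" / "unpacked" / "deep"
        project.mkdir(parents=True)
        deep.mkdir(parents=True)
        (project / "guix.scm").write_text(";; constructed sample\n")
        stray = base / "Downloads" / "guix.scm"
        stray.write_text(";; constructed sample\n")
        trusted = [project]
        verdict, found = decide(deep, trusted)
        # The stray file is picked up two levels above the working directory.
        return (decide(project, trusted)[0], verdict, found == stray)


if __name__ == "__main__":
    print(demo())
```

The refusal case is the one the message worries about: the working directory itself holds no guix.scm, yet an ancestor does, so the user gets no visual cue before code is evaluated.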

This bug report was last modified 3 years and 210 days ago.
