GNU bug report logs - #59383
[PATCH] doc: Call out potential for downgrade attacks with time-machine.


Package: guix-patches;

Reported by: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>

Date: Sat, 19 Nov 2022 12:10:02 UTC

Severity: normal

Tags: patch

Done: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#59383; Package guix-patches. (Sat, 19 Nov 2022 12:10:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sat, 19 Nov 2022 12:10:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: guix-patches <at> gnu.org
Subject: [PATCH] doc: Call out potential for downgrade attacks with
 time-machine.
Date: Sat, 19 Nov 2022 13:09:31 +0100
* doc/guix.texi (Invoking guix time-machine): Add a note.
---
 doc/guix.texi | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index eaecfd0daa..c29db13be6 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -60,7 +60,7 @@
 Copyright @copyright{} 2018 Mike Gerwitz@*
 Copyright @copyright{} 2018 Pierre-Antoine Rouby@*
 Copyright @copyright{} 2018, 2019 Gábor Boskovits@*
-Copyright @copyright{} 2018, 2019, 2020 Florian Pelz@*
+Copyright @copyright{} 2018, 2019, 2020, 2022 Florian Pelz@*
 Copyright @copyright{} 2018 Laura Lazzati@*
 Copyright @copyright{} 2018 Alex Vong@*
 Copyright @copyright{} 2019 Josh Holland@*
@@ -4834,6 +4834,13 @@ Invoking guix time-machine
 large number of packages; the result is cached though and subsequent
 commands targeting the same commit are almost instantaneous.
 
+@quotation Note
+Naturally, no security fixes can be provided for old versions of Guix
+or its channels.  This also means that careless use of @command{guix
+time-machine} opens the door to downgrade attacks.
+@xref{Invoking guix pull, @option{--allow-downgrades}}.
+@end quotation
+
 The general syntax is:
 
 @example
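Review bot: the new @quotation names "downgrade attacks" in its last sentence without saying what such an attack would consist of; the only hint is the @xref to the @option{--allow-downgrades} part of the "Invoking guix pull" node, so a reader is left to infer that a pinned old revision lacks every fix published since it, and that being talked into running "guix time-machine" at a given commit is the same risk that downgrade protection in "guix pull" guards against. Suggest adding one plain sentence to that effect before the @xref (for example, that the revision carries all vulnerabilities fixed after it and that an unsolicited suggestion to use a particular old commit deserves the same scrutiny as a request to pass @option{--allow-downgrades}), and keep the @xref as its own sentence, as it already is, since Texinfo expects @xref at the start of a sentence.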

base-commit: 7502af793172714b2b322c21ba2379c698108ef2
-- 
2.38.0





Information forwarded to guix-patches <at> gnu.org:
bug#59383; Package guix-patches. (Sat, 19 Nov 2022 13:40:01 GMT) Full text and rfc822 format available.

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
Cc: 59383 <at> debbugs.gnu.org, guix-patches <at> gnu.org
Subject: Re: [bug#59383] [PATCH] doc: Call out potential for downgrade
 attacks with time-machine.
Date: Sat, 19 Nov 2022 14:37:16 +0100
Hi Florian,

and thanks for the patch.

pelzflorian (Florian Pelz) wrote:
> +@quotation Note
> +Naturally, no security fixes can be provided for old versions 
> of Guix
> +or its channels.  This also means that careless use of 
> @command{guix
> +time-machine} opens the door to downgrade attacks.
> +@xref{Invoking guix pull, @option{--allow-downgrades}}.
> +@end quotation

‘Attack’ is a very big word.  It should not end a paragraph.  What 
would the downgrade attack—distinct from a downgrade—look like?

Kind regards,

T G-R

Information forwarded to guix-patches <at> gnu.org:
bug#59383; Package guix-patches. (Sat, 19 Nov 2022 13:40:02 GMT) Full text and rfc822 format available.

Information forwarded to guix-patches <at> gnu.org:
bug#59383; Package guix-patches. (Sat, 19 Nov 2022 17:40:01 GMT) Full text and rfc822 format available.

Message #14 received at 59383 <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 59383 <at> debbugs.gnu.org, guix-patches <at> gnu.org
Subject: Re: [bug#59383] [PATCH] doc: Call out potential for downgrade
 attacks with time-machine.
Date: Sat, 19 Nov 2022 18:39:50 +0100
Hi Tobias, thanks for your thoughts.

Tobias Geerinckx-Rice <me <at> tobias.gr> writes:
> pelzflorian (Florian Pelz) wrote:
>> @quotation Note
>> Naturally, no security fixes can be provided for old versions of Guix
>> or its channels.  This also means that careless use of @command{guix
>> time-machine} opens the door to downgrade attacks.
>> @xref{Invoking guix pull, @option{--allow-downgrades}}.
>> @end quotation
> ‘Attack’ is a very big word.  It should not end a paragraph.  What
> would the downgrade attack—distinct from a downgrade—look like?

My choice of words was the same as in the unattended upgrades service,
but perhaps I should add before the @xref:

Suggestions to ``just use the time machine'' could be attempts to trick
people to use old software.  But they can also get you back to a working
state.

Regards,
Florian




Information forwarded to guix-patches <at> gnu.org:
bug#59383; Package guix-patches. (Sat, 19 Nov 2022 17:41:02 GMT) Full text and rfc822 format available.

Information forwarded to guix-patches <at> gnu.org:
bug#59383; Package guix-patches. (Mon, 21 Nov 2022 11:27:02 GMT) Full text and rfc822 format available.

Message #20 received at 59383 <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>, Tobias
 Geerinckx-Rice <me <at> tobias.gr>
Cc: 59383 <at> debbugs.gnu.org
Subject: Re: [bug#59383] [PATCH] doc: Call out potential for downgrade
 attacks with time-machine.
Date: Mon, 21 Nov 2022 12:19:05 +0100
Hi,

On Sat, 19 Nov 2022 at 18:39, "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de> wrote:

>>> @quotation Note
>>> Naturally, no security fixes can be provided for old versions of Guix
>>> or its channels.  This also means that careless use of @command{guix
>>> time-machine} opens the door to downgrade attacks.
>>> @xref{Invoking guix pull, @option{--allow-downgrades}}.
>>> @end quotation
>>
>> ‘Attack’ is a very big word.  It should not end a paragraph.  What
>> would the downgrade attack—distinct from a downgrade—look like?

Why not something like,

--8<---------------cut here---------------start------------->8---
@quotation Note
The history of Guix is immutable and @command{guix time-machine}
provides the exact same software as they are in a specific Guix
revision.  Naturally, no security fixes are provided for old versions
of Guix or its channels.  A careless use of @command{guix time-machine}
opens the door to security vulnerabilities @xref{Invoking guix pull,
@option{--allow-downgrades}}.
@end quotation
--8<---------------cut here---------------end--------------->8---

?

Cheers,
simon




Information forwarded to guix-patches <at> gnu.org:
bug#59383; Package guix-patches. (Tue, 22 Nov 2022 07:59:01 GMT) Full text and rfc822 format available.

Message #23 received at 59383 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: zimoun <zimon.toutoune <at> gmail.com>
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>,
 "pelzflorian \(Florian Pelz\)" <pelzflorian <at> pelzflorian.de>,
 59383 <at> debbugs.gnu.org
Subject: Re: bug#59383: [PATCH] doc: Call out potential for downgrade
 attacks with time-machine.
Date: Tue, 22 Nov 2022 08:58:08 +0100
Hi,

zimoun <zimon.toutoune <at> gmail.com> wrote:

> @quotation Note
> The history of Guix is immutable and @command{guix time-machine}
> provides the exact same software as they are in a specific Guix
> revision.  Naturally, no security fixes are provided for old versions
> of Guix or its channels.  A careless use of @command{guix time-machine}
> opens the door to security vulnerabilities @xref{Invoking guix pull,
> @option{--allow-downgrades}}.
> @end quotation

I like that wording.  Florian, WDYT?

Ludo’.




Reply sent to "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>:
You have taken responsibility. (Tue, 22 Nov 2022 14:48:02 GMT) Full text and rfc822 format available.

Notification sent to "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>:
bug acknowledged by developer. (Tue, 22 Nov 2022 14:48:02 GMT) Full text and rfc822 format available.

Message #28 received at 59383-done <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: 59383-done <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>,
 Tobias Geerinckx-Rice <me <at> tobias.gr>, zimoun <zimon.toutoune <at> gmail.com>
Subject: Re: bug#59383: [PATCH] doc: Call out potential for downgrade
 attacks with time-machine.
Date: Tue, 22 Nov 2022 15:47:09 +0100
zimoun’s wording is good; less alarmist.  I used his words (with a
period before @xref, no French spacing and a less alarmist commit
message and Co-authored-by line).  Pushed as
b8d4c323f5d089dd800b358143d5bae26c965404.  Closing.

Regards,
Florian




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 21 Dec 2022 12:24:09 GMT) Full text and rfc822 format available.
