Re: “Building a Secure Software Supply Chain with GNU Guix”

[Ludovic Courtès]

Hi,

Zhu Zihao <all_but_last@163.com> skribis:

> There's still some questions to ask. I'm concerned about the safety of
> the evaluation of channel code. IIRC, there's no sandbox for the
> evaluation of package in channel. So, it's possible to inject some
> side-effect code into a channel like
>
> ```
> (define-module (my channel code))
>
> (display "I'm planning to do evil things here!")
>
> (define-public some-package ...)
> (define-public another-package ...)
> ```

Yes.

> We have PGP sign and git commit chain to make sure the commits are
> committed by trusted people. But it's still possible for the channel
> owner to inject malicious code into the channel in a future commit. Like
> what Marak Squires did in faker.js project :( or the committer of Guix
> was attacked by an evil maid.

I’m not aware of the faker.js story, do you have a link?

The model here is that users trust authorized committers.  When you
think about it, there’s no way around it, because at the end of the day,
you’re installing software that an authorized committer added to the
channel.

To put it differently, side effects in the .scm file as you show above
are just one of the many ways an authorized committer could harm users.

> In Nix flakes, there's pure evaluation to make sure no side-effectful
> code is allowed. But Guix channel is less restricted than a Nix flake.
> It's a important problem to make sure the evaluation is safe for the user.

Yes, I understand.  I don’t think that makes a practical difference
though: when you pull from a Guix channel or fetch a Nix flake, that’s
because you want to install software according to what that
channel/flake provides.  So whether evil code is in the channel/flake
(as Scheme/Nix code) or in the package(s) themselves makes little
difference.

Does that make sense?

(Besides, there’s no mechanism for authenticated updates of flakes or of
Nixpkgs, which is the core of the paper.)

Thanks for your feedback!

Ludo’.