[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security questions around using Guix to package apps

From: Divan Santana
Subject: Security questions around using Guix to package apps
Date: Tue, 27 Jun 2017 11:19:24 +0200

Hi All,

Firstly love the work the Guix community is going and hoping to start
using it more.

I don't know too much about Guix but we considering using it and
switching from the typical RPM/yum solution we have implemented in our
large corporation here.

* Our problem

So our team manages a few thousand Linux systems for customers.

We don't allow full root access for the customes/users of the systems.

Though the customers/users require to ship applications. They normally do this
with something like RPMs and a yum repository.

The problem with this is:
1. yum/rpm requires root to install/upgrade/remove packages.
2. One can ship certain files in an RPM install it via yum and gain full root.
3. One can therefore use the RPMs/yum to gain full root.

* Consider Guix as a solution

The question is if Guix could solve the above?

I know it doesn't require root so that solves problem 1.

Though I think 2 is still a problem. Is it?

* Getting to the actual question
Therefore can one ship files in a guix package and as nonroot install this
package. Then use the files the package provided as a nonroot user to gain root?

Or written another way, if guix is installed on a system and configured to point
to substitutes that the same nonroot user has access to submit and approve
packages in, can that nonroot user on the system gain root. Therefore would one
need to review the submitted packages to avoid the user gaining root.

** Some theoretical examples of doing this

One example to do this would be to create a shell script with =sudo su -= (or
similar problematic) contents then byte compile it and ship that in the
application with setuid permission bit set on it?

If this was possible with Guix, putting =/gnu= on it's own FS with mount option
of =setuid=0= should solve this.

Ship a sudo file and install it in =/etc/sudoers.d= though I'm not sure if
that's possible with Guix since it's kind of it it's own chroot. Unless it
supports post-scripts section and that gets executed as root (doubt it).

Hope the above makes sense.

Greetings from South Africa
Divan Santana

reply via email to

[Prev in Thread] Current Thread [Next in Thread]