[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security questions around using Guix to package apps

From: Ludovic Courtès
Subject: Re: Security questions around using Guix to package apps
Date: Fri, 30 Jun 2017 14:54:14 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Hello Divan,

Divan Santana <address@hidden> skribis:

> If guix is installed on a system and configured to point to substitutes
> that the same nonroot user has access to submit and approve packages in,
> can that nonroot user on the system gain root. Therefore would one need
> to review the submitted packages to avoid the user gaining root.
> (This is talking about guix package manager on a foreign distro like
> RedHat)
> I'm guessing it's not possible. Though would be nice to have
> feedback from those that are more familiar with it.

We owe this design to Eelco Dolstra et al. of Nix.  There’s a very good
analysis in this paper:

Hopefully it answers all your questions and more.  If not, come back
here.  :-)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]