Re: Security questions around using Guix to package apps

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security questions around using Guix to package apps

From:	Ludovic Courtès
Subject:	Re: Security questions around using Guix to package apps
Date:	Fri, 30 Jun 2017 14:54:14 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Hello Divan,

Divan Santana <address@hidden> skribis:

> If guix is installed on a system and configured to point to substitutes
> that the same nonroot user has access to submit and approve packages in,
> can that nonroot user on the system gain root. Therefore would one need
> to review the submitted packages to avoid the user gaining root.
>
> (This is talking about guix package manager on a foreign distro like
> RedHat)
>
> I'm guessing it's not possible. Though would be nice to have
> feedback from those that are more familiar with it.

We owe this design to Eelco Dolstra et al. of Nix.  There’s a very good
analysis in this paper:

  https://nixos.org/~eelco/pubs/secsharing-ase2005-final.pdf

Hopefully it answers all your questions and more.  If not, come back
here.  :-)

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

Security questions around using Guix to package apps, Divan Santana, 2017/06/27
- Re: Security questions around using Guix to package apps, Leo Famulari, 2017/06/27
  - Re: Security questions around using Guix to package apps, Divan Santana, 2017/06/30
    - Re: Security questions around using Guix to package apps, Ludovic Courtès <=
    - Re: Security questions around using Guix to package apps, Divan Santana, 2017/06/30

Prev by Date: Re: xscreensaver on GuixSD
Next by Date: Re: Security questions around using Guix to package apps
Previous by thread: Re: Security questions around using Guix to package apps
Next by thread: Re: Security questions around using Guix to package apps
Index(es):
- Date
- Thread