Re: Security questions around using Guix to package apps

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security questions around using Guix to package apps

From:	Divan Santana
Subject:	Re: Security questions around using Guix to package apps
Date:	Fri, 30 Jun 2017 15:22:01 +0200

Ludovic Courtès <address@hidden> writes:

> Hello Divan,
>
> Divan Santana <address@hidden> skribis:
>
>> If guix is installed on a system and configured to point to substitutes
>> that the same nonroot user has access to submit and approve packages in,
>> can that nonroot user on the system gain root. Therefore would one need
>> to review the submitted packages to avoid the user gaining root.
>>
>> (This is talking about guix package manager on a foreign distro like
>> RedHat)
>>
>> I'm guessing it's not possible. Though would be nice to have
>> feedback from those that are more familiar with it.
>
> We owe this design to Eelco Dolstra et al. of Nix.  There’s a very good
> analysis in this paper:
>
>   https://nixos.org/~eelco/pubs/secsharing-ase2005-final.pdf
>
> Hopefully it answers all your questions and more.  If not, come back
> here.  :-)

Thanks Ludo. :-)

[Prev in Thread]

Current Thread

[Next in Thread]

Security questions around using Guix to package apps, Divan Santana, 2017/06/27
- Re: Security questions around using Guix to package apps, Leo Famulari, 2017/06/27
  - Re: Security questions around using Guix to package apps, Divan Santana, 2017/06/30
    - Re: Security questions around using Guix to package apps, Ludovic Courtès, 2017/06/30
    - Re: Security questions around using Guix to package apps, Divan Santana <=

Prev by Date: Re: Security questions around using Guix to package apps
Next by Date: Using tramp with guixsd install image
Previous by thread: Re: Security questions around using Guix to package apps
Next by thread: failed to resolve partition “my-root”
Index(es):
- Date
- Thread