bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)

From: Bengt Richter
Subject: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix)
Date: Fri, 18 Oct 2019 18:32:01 -0700
User-agent: Mutt/1.12.1 (2019-06-15) 
Hi Ludo,

On +2019-10-18 16:36:30 +0200, Ludovic Courtès wrote:
> Bengt Richter <address@hidden> skribis:
> 
> > On +2019-10-17 22:25:58 +0200, Ludovic Courtès wrote:
> 
> [...]
> 
> >> > Imperialist nitpick: why list the foreigners first?  :-)
> >> >
> >> > Anti-imperialist nitpick: reversing the two allows using ‘other
> >> > distributions’ instead of ‘foreign’ which always sounds a bit
> >> > dismissive to my ears.
> >> >
> >> > End nitpick.
> >> 
> >> That makes sense to me; I’m not satisfied with “foreign” either (I think
> >> the inspiration came from FFIs, but still).  Maybe “fellow distros”?
> >> :-)
> >
> > Is not the important distinction whether the "foreign distro" can be 
> > generated
> > with pure guix libre components using a pure guix tool chain vs not?
> 
> “Foreign distro” designates any distro other than Guix System.  From a
> technical viewpoint, it’s sometimes useful to be able to make that
> distinction.
> 
> HTH,
> Ludo’.

I was trying to get to a more exact definition of "that distinction" :)

I have read the page at "info guix installation", where "foreign" is explained:
---------------------------
     Note: We recommend the use of this shell installer script
     (https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh)
     to install Guix on top of a running GNU/Linux system, thereafter
     called a “foreign distro”.(1)  The script automates the download,
     installation, and initial configuration of Guix.  It should be run
     as the root user.

   When installed on a foreign distro, GNU Guix complements the
available tools without interference.  Its data lives exclusively in two
directories, usually ‘/gnu/store’ and ‘/var/guix’; other files on your
system, such as ‘/etc’, are left untouched.
[...]

(1) This section is concerned with the installation of the package
manager, which can be done on top of a running GNU/Linux system.  If,
instead, you want to install the complete GNU operating system, *note
System Installation::.
---------------------------

I have also read from "info guix introduction":
-----------------
   (2) We used to refer to Guix System as “Guix System Distribution” or
“GuixSD”.  We now consider it makes more sense to group everything under
the “Guix” banner since, after all, Guix System is readily available
through the ‘guix system’ command, even if you’re using a different
distro underneath!
----------------

further along it says:
-----------------------
   With Guix System, you _declare_ all aspects of the operating system
configuration and Guix takes care of instantiating the configuration in
a transactional, reproducible, and stateless fashion (*note System
Configuration::).  Guix System uses the Linux-libre kernel, the Shepherd
initialization system (*note (shepherd)Introduction::), the well-known
GNU utilities and tool chain, as well as the graphical environment or
system services of your choice.
-----------------------

That sounds more restricted than "... even if you’re using a different
distro underneath!" 

When you say "Guix System," do/should you really mean _only_ a system 
specifically
running a linux-libre kernel, built with no dependencies outside of GuixSD
official sources, and using Shepherd initialization??

E.g., the purism OS has (UIAM) been recognized as free as in RMS's "ryf" but is 
it
compiled entirely using only tools in /gnu/store/... ?

Ask them, right? ;-)
(BTW, does anyone in the guix community have contact with them?
I think they are trying to contribute upstream and do "The Right Thing"(TM))

My point is, if e.g. a bug is caused by something that is different in their 
kernel image
from the one you generate from linux-libre and GuixSD sources, then we will be 
chasing a bug
in their build process, not ours.

Sometimes it might be "useful to be able to make that distinction" no? :)

(kernel image is just an example, likewise for initrd's or anything that runs 
that was not derived
from official guix/GuixSD sources).

BTW, Is it safe to do "guix system reconfigure" naively, "... even if you’re 
using a different
distro underneath!" ?? I am afraid to try it :)

--
Regards,
Bengt Richter

PS. I think it would be useful if there were a 
LD_IMPURE_REFERENCE_LOG="path/to/logfile.txt"
in an easy-to-edit place that, if present, would cause the ld wrapper to append 
to log what
it finds (even if otherwise ignoring impure refs)
WDYT?
reply via email to
[Prev in Thread] Current Thread [Next in Thread]