Re: Public guix offload server
From: Leo Famulari
Subject: Re: Public guix offload server
Date: Wed, 20 Oct 2021 18:54:11 -0400

On Wed, Oct 20, 2021 at 11:06:05PM +0200, Tobias Geerinckx-Rice wrote:
> Guix is not content-addressed. Any [compromised] user can upload arbitrary
> malicious binaries with store hashes identical to the legitimate build.
> These malicious binaries can then be downloaded by other clients, which
> presumably all have commit access.

Interesting... I'm not at all familiar with how `guix offload` works,
because I've never used it. But it's surprising to me that this would be
possible. Although after one minute of thought, I'm not sure why it
wouldn't be.

However, the Guix security model trusts committers implicitly. So, if
the committers' shared offload server had proper access control, one
might consider it "good enough" in terms of security. Although the
possibility of spreading malicious binaries is much scarier than what
could be achieved by committing to guix.git, because of the relative
lack of transparency.
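
The point in the quoted text, that a store name derived from the build inputs does not bind the bytes filed under it, shown as an added example that is not part of the original message or of Guix's code. It is a simplified model: `input_addressed_name`, `audit`, the recipe and the outputs are constructed for illustration and do not reproduce Guix's actual hashing scheme.

```python
import hashlib

def input_addressed_name(recipe):
    # Simplified model (assumption): the name depends on the build inputs only,
    # never on the bytes the build produced.
    canon = "\n".join(f"{k}={recipe[k]}" for k in sorted(recipe)).encode()
    return hashlib.sha256(canon).hexdigest()[:32] + "-" + recipe["name"]

def content_hash(data):
    return hashlib.sha256(data).hexdigest()

def audit(served, rebuilds):
    """Classify a served output against independent rebuilds of the same recipe.

    Returns "match", "mismatch", or "inconclusive" when no rebuild is available
    or the rebuilds disagree among themselves (the build is not reproducible,
    so a differing hash proves nothing by itself).
    """
    expected = {content_hash(r) for r in rebuilds}
    if len(expected) != 1:
        return "inconclusive"
    return "match" if content_hash(served) in expected else "mismatch"

# Constructed sample data, not taken from any real build.
RECIPE = {"name": "hello-2.10", "source": "sha256:constructed-source-hash",
          "system": "x86_64-linux"}
HONEST = b"\x7fELF...output of an honest build (constructed)"
ALTERED = b"\x7fELF...different bytes filed under the same name (constructed)"

def demo():
    name = input_addressed_name(RECIPE)
    # The name is a function of the recipe alone, so a shared store can hold
    # either output under it and clients looking up the name cannot tell.
    shared_store = {name: ALTERED}
    return {
        "name": name,
        "honest": audit(HONEST, [HONEST, HONEST]),
        "altered": audit(shared_store[name], [HONEST, HONEST]),
        "unreproducible": audit(HONEST, [HONEST, HONEST + b" build timestamp"]),
        "no_rebuilds": audit(HONEST, []),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check only has teeth when the rebuilds come from machines that do not share the store being audited, and when the package builds reproducibly.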