guix-devel

Re: Can unprivileged users corrupt the store with bad tarballs?


From: Ludovic Courtès
Subject: Re: Can unprivileged users corrupt the store with bad tarballs?
Date: Thu, 03 Apr 2014 21:39:06 +0200
User-agent: Gnus/5.130007 (Ma Gnus v0.7) Emacs/24.3 (gnu/linux)

Mark H Weaver <address@hidden> wrote:

> I was thinking about the security implications of giving out shell
> access to one of my systems running Guix.
>
> When I ask guix-daemon to build package 'foo', it will use as an input
> the source for package 'foo', usually a tarball.  If the tarball is
> already in the store, it won't download it again, because it is
> effectively cached in the store.
>
> Is it possible for another user on the same system to corrupt the cache,
> by manually adding a bad tarball for 'foo' to the store, in such a way
> that it would be used to build 'foo' when I ask for it?

No.

Tarballs are fixed-output derivations, so the hash of the tarball is
known in advance.  Thus, when building a package, you’re sure to use the
tarball whose hash is in the recipe.

Ludo’.
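
The property described in the reply above, as an added example that is not part of the original message or of Guix's code: a simplified Python model of a store where a source's path depends only on its declared hash and name, and content is hashed by the store before it is registered. The path layout, `ToyStore` and its method names are assumptions for illustration; the real daemon computes store paths with its own format.

```python
import hashlib

STORE_DIR = "/gnu/store"  # store prefix; everything else is a simplified model

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def fixed_output_path(name: str, declared_sha256: str) -> str:
    # Constructed layout (the real daemon uses its own string format and
    # base32). Modelled property: the path is a function of the declared
    # content hash and the name only.
    tag = sha256_hex(f"fixed:{declared_sha256}:{STORE_DIR}:{name}".encode())[:32]
    return f"{STORE_DIR}/{tag}-{name}"

class ToyStore:
    def __init__(self):
        self.items = {}  # store path -> content

    def register(self, name: str, declared_sha256: str, content: bytes) -> str:
        # The store hashes the content itself; the caller's claim is not trusted.
        if sha256_hex(content) != declared_sha256:
            raise ValueError(f"hash mismatch for {name}")
        path = fixed_output_path(name, declared_sha256)
        self.items[path] = content
        return path

    def add_file(self, name: str, content: bytes) -> str:
        # What any user may do: add a file, addressed by its own hash.
        return self.register(name, sha256_hex(content), content)

    def lookup_source(self, name: str, recipe_sha256: str):
        # A build looks up the path implied by the hash in the recipe.
        return self.items.get(fixed_output_path(name, recipe_sha256))

def demo():
    good, bad = b"constructed genuine tarball", b"constructed tampered tarball"
    recipe_hash = sha256_hex(good)  # the hash recorded in the package recipe
    store = ToyStore()
    planted = store.add_file("foo-1.0.tar.gz", bad)  # lands at another path
    try:
        store.register("foo-1.0.tar.gz", recipe_hash, bad)
        forged = True
    except ValueError:
        forged = False  # claiming the recipe's hash for other bytes is refused
    miss = store.lookup_source("foo-1.0.tar.gz", recipe_hash)
    wanted = store.register("foo-1.0.tar.gz", recipe_hash, good)
    hit = store.lookup_source("foo-1.0.tar.gz", recipe_hash)
    return planted != wanted, forged, miss, hit
```
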


