[Nix-dev] NIX_OTHER_STORES and security?

Marc Weber marco-oweber at gmx.de
Tue Nov 25 12:16:11 CET 2008


I'm not sure I've understood how this works:

So can I copy some dirs from /nix/store to my home directory,
modify them, change their hash to a hash which is very likely to be
installed by the system anyway later on (due to updates or such)
and ask the system to install that *update* which is indeed malware?

AFAIK nix has been somewhat secure because you haven't had the chance to
modify any derivations but creating them yourself using derivations.
This is secure because hash collisions are very unlikely.
But if we allow to mount arbitrary (manipulated) store paths and use
them to install system derivations (e.g. by nix-store realize or whatever)
I feel there is a problem (not for my private setup, but I don't want to
allow this for users of my server..)
As long as nobody is familiar with nix(os) that's no problem at all
(yet). But that will change.

Any comments?

Marc Weber


