[Nix-dev] NIX_OTHER_STORES and security?

Arie Middelkoop ariem at cs.uu.nl
Tue Nov 25 12:50:53 CET 2008


Maybe I understand incorrectly, but how would a
NIX_OTHER_STORE be less secure than for example a channel you've
registered to?

Michael Raskin wrote:
> Marc Weber wrote:
>> I'm not sure I've understood how this works:
> 
>> So can I copy some dirs from /nix/store to my home directory,
>> modify them, change their hash to a hash which is very likely to be
>> installed by the system anyway later on (due to updates or such)
>> and ask the system to install that *update* which is indeed malware?
> 
> All env-vars are checked by the process doing the build. It is nix-store
> with root rights or nix-worker. It is not a protocol change (which
> would need some security) - it is a change requiring store write access
> to use.