[Nix-dev] Re: NIX_OTHER_STORES and security?
Marc Weber
marco-oweber at gmx.de
Wed Nov 26 13:54:09 CET 2008
On Tue, Nov 25, 2008 at 06:07:06PM +0100, Ludovic Courtès wrote:
> Hi,
>
> Marc Weber <marco-oweber at gmx.de> writes:
>
> > What happens if a user subscribes to a channel which contains malicious
> > packages? I mean if the user installs a malicious package this way and
> > the sysadmin does so as well but maybe two days later. Then the sysadmin
> > won't install anything but reuse the existing (manipulated) store path..
> >
> > Am I missing a point here?
>
> Yes, `nix-pull' must be run as root currently, since
> `/nix/var/nix/manifests' is not world-writable.
So when using nix-channel * stuff I run nix-pull as root using setuid
bits or such implicitly?
Marc