[Nix-dev] Re: NIX_OTHER_STORES and security?

Eelco Dolstra e.dolstra at tudelft.nl
Wed Nov 26 14:03:50 CET 2008


Marc Weber wrote:
> On Tue, Nov 25, 2008 at 06:07:06PM +0100, Ludovic Courtès wrote:
>> Hi,
>>
>> Marc Weber <marco-oweber at gmx.de> writes:
>>
>>> What happens if a user subscribes to a channel which contains malicious
>>> packages? I mean if the user installs a malicious package this way and
>>> the sysadmin does so as well but maybe two days later. Then the sysadmin
>>> won't install anything but reuse the existing (manipulated) store path..
>>>
>>> Am I missing a point here?
>> Yes, `nix-pull' must be run as root currently, since
>> `/nix/var/nix/manifests' is not world-writable.
> So when using nix-channel * stuff I run nix-pull as root using setuid
> bits or such implicitly?

No, nix-channel only calls nix-pull if you have direct write permission to
/nix/var/nix/manifests, which on NixOS only root has.  So as a normal user you
can't register additional manifests.  Thus nix-channel is basically a
source-only distribution mechanism if you're not root.

-- 
Eelco Dolstra | http://www.st.ewi.tudelft.nl/~dolstra/
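
The protection described in this reply rests on only root being able to write to /nix/var/nix/manifests. The following is an added example, not part of the original message and not code from Nix: a shell check that a directory and each of its parents is owned by the expected uid and is not group- or world-writable, since a writable parent would let the directory itself be replaced. The function name `audit_write_gate` and its arguments are hypothetical, and GNU coreutils `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the original message or from Nix): audit that a
# directory and every parent up to TOP is owned by one uid and is not
# group- or world-writable. Function name and arguments are hypothetical.
# Assumes GNU coreutils stat (-c).

# audit_write_gate DIR [OWNER_UID] [TOP]
# Prints one line per finding.
# Returns 0 if clean, 1 on findings, 2 if DIR is missing.
audit_write_gate() {
    want_uid=${2:-0}
    top=${3:-/}
    findings=0
    # Resolve symlinks so the real directory chain is inspected.
    cur=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing: $1"; return 2; }
    while :; do
        uid=$(stat -c %u "$cur")
        mode=$(stat -c %a "$cur")
        if [ "$uid" != "$want_uid" ]; then
            echo "owner uid $uid (expected $want_uid): $cur"
            findings=1
        fi
        # 022 octal = group-write | other-write; the leading 0 makes $mode octal.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world-writable (mode $mode): $cur"
            findings=1
        fi
        # Stop once the top of the inspected chain (or the root) was checked.
        if [ "$cur" = "$top" ] || [ "$cur" = / ]; then
            break
        fi
        cur=$(dirname "$cur")
    done
    return "$findings"
}

# Typical use on the path named in the reply:
#   audit_write_gate /nix/var/nix/manifests 0 /
```

The check is deliberately strict: it reports any group or other write bit, including on sticky directories.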


