[Nix-dev] Nix(OS) and passwords ? builtins.writeFileToPath proposal

Michael Raskin 7c6f434c at mail.ru
Sun Dec 27 01:56:55 CET 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marc Weber wrote:
> I'd fix this by adding a new primop writeFileToPath destination text.
> 
> then instead of pkgs.writeText you could use
> 
> writeFileToPath /root/extraUsers.txt "[ .. file contents .. ]"

The main problem is that _evaluating_ untrusted Nix expressions becomes
unsafe. Earlier you could safely build untrusted Nix expressions - at
least on an offline box.. Seems to be a big misfeature.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJLNrDWAAoJEE6tnN0aWvw3bPcIALSVW1FQcMnhzcfmLcdJnwUh
M0XpTgtmkorhus6jLp3OQvrjOoT4uY4GQ4JlDrmEg56Yk317RPIaACs+mJgCfWO9
VpWhAHLq/oOq66vIzbLn383WcD58Yz8dMoFzZAZopTYKM6l7Mt59P3YzkT5BKyge
9shS5kfGOXL3ITI767EZxoxnMZwHSdt3pqPwOo/HwjckAl6v1Vxn1F+7GbvKZshy
RV5HKzR1XdhalDzf7XaRqfa6su6RuIbs1FH1Wwn9pbqz1oz1dtRjDnSNjfg4exlo
S37SU3/JWMqMMasacZPGRzcJP69fEIMHT6UKxgrO9mLy3EIHM1IGOBs7KKib4OA=
=AZYV
-----END PGP SIGNATURE-----



More information about the nix-dev mailing list