[Nix-dev] Malicious installation methods

Ertugrul Söylemez esz at posteo.de
Fri Jun 17 15:02:59 CEST 2016


>> I ask you to PLEASE remove this installation method from the
>> recommendations on the page because it makes it look like you don't
>> care about computer security one bit.
>
> Now, that's an interesting point. Are there many people who never
> installed nix because the installer is the recommended installation
> method?

I have actually witnessed a few people (in person) who expressed
concerns about that method.  When questioned, the concerns turned out to
be unreasonable, because you are going to trust code from that server to
run as root blindly anyway, but this is one of those "evil pattern"
triggers that make security-minded people jump.  It's like seeing
"strcpy" in C code: not *necessarily* bad, but triggers the warning
bell.

For marketing reasons it may be beneficial to attach a security note to
that command, such that people understand why it's really not any less
secure than other methods.  Alternatively get rid of the pattern and
distribute a bunch of tarballs instead.  In other words: perform the
installation on Hydra, tar it, then provide platform-specific tars.

One interesting point is that little of the installation really requires
root permissions.  Users could be asked to create the `/nix` directory
and optionally a bunch of build users as root and then let the script do
its job without root.  That way the script never needs to switch users.


Greets,
Ertugrul
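
The split described in the last paragraph of the message (the store directory is created once as root, then the installer runs unprivileged) can be enforced with a preflight check. This is an added example, not part of the original message and not the Nix installer's code; the `preflight` function, its return codes and the `--check` flag are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the Nix installer's code).
# preflight DIR [UID]: succeed only if an unprivileged install into DIR is
# possible. UID defaults to the caller's uid; it is a parameter so the
# checks can be exercised in tests.
preflight() {
    dir=$1
    uid=${2:-$(id -u)}

    # The installer itself should never hold root.
    if [ "$uid" -eq 0 ]; then
        echo "preflight: refusing to run as root" >&2
        return 2
    fi
    # A symlink could redirect the store somewhere unexpected.
    if [ -L "$dir" ]; then
        echo "preflight: $dir is a symlink" >&2
        return 4
    fi
    # The directory must already exist (creating it is the one root step).
    if [ ! -d "$dir" ]; then
        echo "preflight: $dir missing; create it as root, chown to uid $uid" >&2
        return 3
    fi
    # Numeric owner from ls -n (field 3); portable across GNU and BSD.
    owner=$(ls -ldn -- "$dir" | awk '{print $3}')
    if [ "$owner" != "$uid" ]; then
        echo "preflight: $dir is owned by uid $owner, expected $uid" >&2
        return 5
    fi
    if [ ! -w "$dir" ]; then
        echo "preflight: $dir is not writable" >&2
        return 6
    fi
    return 0
}

# Stand-alone use: sh preflight.sh --check [DIR]   (DIR defaults to /nix)
if [ "${1:-}" = "--check" ]; then
    preflight "${2:-/nix}"
    exit $?
fi
```
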