[Nix-dev] Malicious installation methods
Eelco Dolstra
eelco.dolstra at logicblox.com
Fri Jun 17 15:31:49 CEST 2016
Hi,
On 06/17/2016 03:02 PM, Ertugrul Söylemez wrote:
> For marketing reasons it may be beneficial to attach a security note to
> that command, such that people understand why it's really not any less
> secure than other methods. Alternatively get rid of the pattern and
> distribute a bunch of tarballs instead. In other words: perform the
> installation on Hydra, tar it, then provide platform-specific tars.
The installation section of the manual had info on how to install a binary
tarball directly, but this was lost accidentally. I've restored it in
f94a804cedc2bebe564e463bd2567da03a57204b.
We can also GPG-sign the installer script and/or the binary tarballs. That would
provide some protection against the case where the nixos.org webserver is
compromised.
> One interesting point is that little of the installation really requires
> root permissions. Users could be asked to create the `/nix` directory
> and optionally a bunch of build users as root and then let the script do
> its job without root. That way the script never needs to switch users.
This is already the case (as noted on the download page): if /nix exists and is
writable, then you don't need to have sudo root access.
--
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
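For the GPG-signing idea discussed above, here is an added example of the client-side check (not from this thread or the Nix project): it runs a downloaded installer only when gpg reports a valid signature from a pinned key fingerprint, because gpg's exit status alone would accept a good signature from any key in the local keyring. The installer path, signature path and `EXPECTED_FPR` placeholder are assumptions.

```python
"""Verify a detached GPG signature on a downloaded installer before running it.

Added example; assumes `install.sh` and its detached signature `install.sh.sig`
were already downloaded, and that the signing key's fingerprint is known from a
channel other than the webserver serving the installer.
"""
import subprocess
import sys

# Placeholder: replace with the real signing-key fingerprint obtained out of band.
EXPECTED_FPR = "0000000000000000000000000000000000000000"


def parse_valid_fingerprints(status_text):
    """Return fingerprints that gpg's --status-fd output reports as VALIDSIG.

    gpg emits '[GNUPG:] VALIDSIG <sig-key-fpr> <date> <ts> <exp> <ver> <res>
    <pk-alg> <hash-alg> <class> [<primary-key-fpr>]'.  Both the signing (sub)key
    fingerprint and, when present, the primary key fingerprint are collected;
    BADSIG / ERRSIG / NO_PUBKEY lines contribute nothing.
    """
    fprs = set()
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "[GNUPG:]" and fields[1] == "VALIDSIG":
            fprs.add(fields[2].upper())
            if len(fields) >= 12:
                fprs.add(fields[11].upper())
    return fprs


def signature_is_trusted(status_text, expected_fpr):
    """True only if a VALIDSIG line names the pinned fingerprint."""
    return expected_fpr.upper() in parse_valid_fingerprints(status_text)


def verify_and_run(installer="install.sh", signature="install.sh.sig",
                   expected_fpr=EXPECTED_FPR):
    """Execute `installer` only after its detached signature checks out."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", signature, installer],
        capture_output=True, text=True,
    )
    if not signature_is_trusted(proc.stdout, expected_fpr):
        print("refusing to run installer: signature missing, bad, or from an "
              "unexpected key", file=sys.stderr)
        return 1
    return subprocess.call(["sh", installer])


if __name__ == "__main__":
    sys.exit(verify_and_run())
```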