[Nix-dev] When calling nix-store --verify-path - How to know the hash database is not corrupt?
Vladimír Čunát
vcunat at gmail.com
Wed Mar 9 20:47:42 CET 2016
On 03/09/2016 04:20 PM, Matthias Beyer wrote:
> It is not clearly stated what database this is, as far as I can tell.
I believe it has to be /nix/var/nix/db/.
Note that if an attacker compromised your system (such as libc etc.),
you can *not* trust what your compromised nix-store ... returns,
regardless of measures we (originally) took in that executable.
--Vladimir
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3771 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160309/491e1128/attachment.bin
More information about the nix-dev
mailing list