[Nix-dev] When calling nix-store --verify-path - How to know the hash database is not corrupt?

Kevin Cox kevincox at kevincox.ca
Thu Mar 10 13:43:00 CET 2016


On Mar 10, 2016 5:28 AM, "Eelco Dolstra" <eelco.dolstra at logicblox.com> wrote:
>
>
> In the future Nix will probably store binary cache signatures in its database,
> and provide a command to check local paths against binary caches.
>

The problem with this is that if you are running a local command to
validate signatures you need to trust the local command, which you can't.

I'm not saying that it is useful to provide these tools but if you are
paranoid enough the only safe thing to do once you suspect someone has
compromised your box is to burn it. Another alternative, which runs the risk
of not checking that firmware hasn't been modified, is mounting the disk in
a trusted system and running the check from there.

Pick your desired security level :)