| 29 Jun 2021 |
hexa | 0.27.3 is also what we have in 20.09, so in theory we could bump it there as well | 21:10:33 |
hexa | in other news: 25h support for 20.09 left on my clock (CEST) | 21:10:57 |
| 30 Jun 2021 |
| mingovanburne joined the room. | 03:53:18 |
| 1 Jul 2021 |
kunrooted | asked on FP Slack, will ask in here as well | 11:18:33 |
kunrooted | okay so let's assume we have a situation like this: we have two users, Adam and Eve, while Adam has root access/is root himself. Can Eve 'infect' his /nix/store with malicious code? Also, how can one tell which packages in /nix/store belong to whom? I think that replacing a binary is indeed possible, but it requires root access, so it would def. be a post-exploitation thing. What other security nightmares can we face except the atomic upgrades and possibilities of supply chain attacks when it comes to /nix/store itself? Really, how can one tell which user can use which package? Is there a way to do so? Can Eve in the given situation 'inject' malicious code into Adam's /nix/store? | 11:18:36 |
Synthetica | If you have root you can basically do anything, so... | 11:19:23 |
kunrooted | And how can I tell which user has access to certain packages? | 11:20:02 |
balsoft | Nix store is a large cache | 11:20:11 |
Roos | The nix store is world readable. | 11:20:20 |
balsoft | Everybody has write access | 11:20:23 |
balsoft | * Everybody has read access | 11:20:26 |
Synthetica | I suppose that if you have a SHA collision you can build an evil package that has the same derivation hash as a good package | 11:20:27 |
balsoft | allowedUsers have write access to new packages | 11:20:36 |
balsoft | trustedUsers basically have root so it doesn't matter | 11:20:45 |
balsoft | In reply to @synthetica:matrix.org: "I suppose that if you have a SHA collision you can build an evil package that has the same derivation hash as a good package" Yes | 11:20:57 |
balsoft | In reply to @kunrooted:matrix.org: "okay so let's assume we have a situation like this: we have two users, Adam and Eve, while Adam has root access/is root himself. Can Eve 'infect' his /nix/store with malicious code? Also, how can one tell which packages in /nix/store belong to whom? I think that replacing a binary is indeed possible, but it requires root access, so it would def. be a post-exploitation thing. What other security nightmares can we face except the atomic upgrades and possibilities of supply chain attacks when it comes to /nix/store itself? Really, how can one tell which user can use which package? Is there a way to do so? Can Eve in the given situation 'inject' malicious code into Adam's /nix/store?" So, yes, anybody can put (almost) anything in the nix store, but it doesn't matter | 11:21:26 |
kunrooted | okay, great | 11:21:27 |
Roos | You can always ask the nix daemon to build a derivation for you, but since it's hashed, you cannot replace a legitimate derivation unless you also happen to find a sha256 collision. | 11:21:41 |
balsoft | Another slight issue is if you have a sufficiently controlled and influential nondeterminism source in your dependency tree, another kind of attack is possible | 11:22:27 |
kunrooted | okay, and any other security risks related to /nix/store itself? | 11:22:31 |
kunrooted | ah, you type faster haha | 11:22:43 |
kunrooted | In reply to @balsoft:balsoft.ru: "Another slight issue is if you have a sufficiently controlled and influential nondeterminism source in your dependency tree, another kind of attack is possible" what do you mean exactly | 11:22:59 |
kunrooted | injection/hijack of some kind? | 11:23:12 |
balsoft | I can't give a concrete example right now but I think it could be possible | 11:23:48 |
balsoft | Imagine that somewhere in the build there's basically if some_nondeterministic_condition then echo "malicious stuff" >> $out/bin/foo | 11:24:24 |
kunrooted | my best idea was to inject a derivation which would build something like gtfo bin | 11:24:31 |
balsoft | Then Eve can figure out the dependency tree of the system, and build this nondeterministic derivation with the condition triggered before Adam does | 11:24:59 |
balsoft | But it's such a low-possibility attack that a sha256 collision is more likely I think | 11:25:20 |
balsoft | In reply to @kunrooted:matrix.org: "my best idea was to inject a derivation which would build something like gtfo bin" What do you mean | 11:25:46 |