| 15 Jul 2025 |
aloisw | (regarding the sockets stuff, not CVE-2025-52991, it just came to my mind again due to talking about the nested build directory) | 18:19:44 |
raitobezarius (DECT: 7248) | In reply to @aloisw:julia0815.de Or maybe not, given that the arbitrary directory delete may not come from Lix? But I fail to come up with a reasonable threat model here in any case. I feel like you could either analyze it from: integrity, confidentiality and availability perspective OR a random multi-user Lix installation on a personal system (laptop/desktop/etc) OR a random multi-user Lix installation on a server OR a multi-tenant Lix worker for a CI system, etc. | 18:41:27 |
raitobezarius (DECT: 7248) | I think specialized systems like CI systems, etc. are already aware to invest into hardening methods and additional sandboxing | 18:41:44 |
raitobezarius (DECT: 7248) | So their blast radius should be controlled when it comes to this | 18:41:53 |
raitobezarius (DECT: 7248) | Running Lix on a server is classical but also meh, it's mostly used similarly as a personal system albeit you don't download random attachments and shit from where not | 18:42:32 |
raitobezarius (DECT: 7248) | So random multi user Lix installation on a personal system is the most important scenario here that matters to me | 18:42:46 |
raitobezarius (DECT: 7248) | By default, it should be staging builds in /nix/var/nix/builds, except if you opt in to a new directory or you are running weird commands that make it fall back to non-daemon connections and cause you to use a tmp directory; at this point, bets are off.
Ideally, if you end up doing that, it would be nice if we could make people do something like systemd-run -p $HARDENING nix ... | 18:43:35 |
raitobezarius (DECT: 7248) | instead of just nix ... | 18:43:38 |
raitobezarius (DECT: 7248) | Arbitrary directory delete can cause integrity or availability issues, but not confidentiality ones | 18:44:00 |
raitobezarius (DECT: 7248) | In reply to @aloisw:julia0815.de Also we might need to nest the build directory in a not world-executable path to prevent the builder from allowing external processes to place sockets into it? Can you open an issue for this? | 18:44:56 |
emily | /run/user does not work for Darwin, but $TMPDIR is per-user on Darwin. unfortunately, the path is much too long | 19:04:50 |
emily | (e.g. /var/folders/yd/mh726b5d2vqfyp132jtzq9t80000gn/T/) | 19:04:54 |
jade_ | at work at the moment, can look after. I am highly surprised at there being a regression in sending emails | 19:23:26 |
raitobezarius (DECT: 7248) | In reply to @jade_:matrix.org at work at the moment, can look after. I am highly surprised at there being a regression in sending emails this is fixed | 20:23:39 |
raitobezarius (DECT: 7248) | MIXED cannot be used because we use a different set of emails | 20:23:47 |
raitobezarius (DECT: 7248) | the fix is on infra | 20:23:50 |
raitobezarius (DECT: 7248) | In reply to @emilazy:matrix.org
/run/user does not work for Darwin, but $TMPDIR is per-user on Darwin. unfortunately, the path is much too long "the path is much too long" (sic) | 20:24:08 |
raitobezarius (DECT: 7248) | okie | 20:24:25 |
jade_ | wait whut | 20:58:22 |
jade_ | MIXED should mean that it puts "Sender Name (Code Review) <instance@instance.instance" | 20:58:47 |
jade_ | * MIXED should mean that it puts "Sender Name (Code Review) <instance@instance.instance>" | 20:58:48 |
raitobezarius (DECT: 7248) | instance := gerrit instead of noreply | 20:58:55 |
jade_ | omg | 20:58:59 |
jade_ | okay you can fix that customwise tho | 20:59:04 |
raitobezarius (DECT: 7248) | look at the infra right now | 20:59:10 |
raitobezarius (DECT: 7248) | it contains the fix | 20:59:12 |
raitobezarius (DECT: 7248) | (courtesy of emily) | 20:59:30 |
jade_ | !! oh! thank you so much emily | 21:00:10 |
| 16 Jul 2025 |
aloisw | In reply to @raitobezarius:matrix.org Can you open an issue for this? Done: https://git.lix.systems/lix-project/lix/issues/919 | 04:54:25 |
K900 | @jade_ +2ed | 07:32:53 |