Re: Potential security weakness in Guix services

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential security weakness in Guix services

From:	Ludovic Courtès
Subject:	Re: Potential security weakness in Guix services
Date:	Sat, 06 Feb 2021 22:28:22 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

Maxime Devos <maximedevos@telenet.be> skribis:

> On Fri, 2021-02-05 at 13:20 +0100, Maxime Devos wrote:
>> On Fri, 2021-02-05 at 10:57 +0100, Ludovic Courtès wrote:
>> > [...]
>> [...]
>> 
>> I'll try to implement this API in Scheme (using the FFI), and post
>> it at https://notabug.org/mdevos/things.  I'll post a follow-up
>> messsage once I've implemented the basics (openat, chmodat,
>> chownat).
>
> Ping!
> https://notabug.org/mdevos/things/src/a0715e6758ad43252e16993dcf688a25156057f3/fs-at.scm

Nice!

I just remembered this subtlety: during bootup, the activation code is
evaluated by the Guile that’s in the initrd, which is a
statically-linked Guile, and thus we can’t use ‘dynamic-link’ & co. in
there.  :-/

(That’s why we carry ‘guile-linux-syscalls.patch’.)

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Potential security weakness in Guix services, Ludovic Courtès, 2021/02/01
- Re: Potential security weakness in Guix services, Julien Lepiller, 2021/02/01
  - Re: Potential security weakness in Guix services, Maxime Devos, 2021/02/01
    - Re: Potential security weakness in Guix services, Ludovic Courtès, 2021/02/02
    - Re: Potential security weakness in Guix services, Maxime Devos, 2021/02/02
    - Re: Potential security weakness in Guix services, Maxime Devos, 2021/02/02
    - Re: Potential security weakness in Guix services, Ludovic Courtès, 2021/02/05
    - Re: Potential security weakness in Guix services, Maxime Devos, 2021/02/05
    - Re: Potential security weakness in Guix services, Maxime Devos, 2021/02/05
    - Re: Potential security weakness in Guix services, Ludovic Courtès <=
    - Re: Potential security weakness in Guix services, Maxime Devos, 2021/02/06
    - Re: Potential security weakness in Guix services, Ludovic Courtès, 2021/02/10
    - Re: Potential security weakness in Guix services, Ludovic Courtès, 2021/02/06
    - TOCTTOU race (was: Potential security weakness in Guix services), Maxime Devos, 2021/02/14
    - Re: TOCTTOU race (was: Potential security weakness in Guix services), Bengt Richter, 2021/02/14
    - Re: TOCTTOU race, Ludovic Courtès, 2021/02/18
    - Re: TOCTTOU race, Maxime Devos, 2021/02/19
    - Re: TOCTTOU race, Ludovic Courtès, 2021/02/22
    - Re: TOCTTOU race, Maxime Devos, 2021/02/22
    - Re: TOCTTOU race, Ludovic Courtès, 2021/02/23

Prev by Date: Re: Potential security weakness in Guix services
Next by Date: Re: Unreproducible “guix pack -f docker” because config.scm-builder
Previous by thread: Re: Potential security weakness in Guix services
Next by thread: Re: Potential security weakness in Guix services
Index(es):
- Date
- Thread