- cross-posted to:
- guix@infosec.pub
On a multi-tenant GNU Guix system like the Dam, unprivileged users can trigger the download and installation of software in the store, the read-only part of the filesystem where all the software is.
@csantosb Should point out that the script is also blind to use of ‘guix shell’. I’ve stopped using that for this reason…
@csantosb Great article, maybe just two observations:
- “Disk space is cheap” - due to the demand generated by AI datacenters the storage (and memory) prices are increasing.
- “Guix was not affected by this very clever attack” - Guix was not affected by the xz attack, because it packages an older version. The xz package is still being built from the release tarball instead of the git repository.
https://mail.gnu.org/archive/html/guix-devel/2024-03/msg00281.html


