[PATCH] doc: Call out potential for downgrade attacks with time-machine.

4 participants
  • Ludovic Courtès
  • Tobias Geerinckx-Rice
  • pelzflorian (Florian Pelz)
  • zimoun
Owner
unassigned
Submitted by
pelzflorian (Florian Pelz)
Severity
normal


pelzflorian (Florian Pelz) wrote 2 years ago
(address . guix-patches@gnu.org)
87v8nbjgck.fsf@pelzflorian.de
* doc/guix.texi (Invoking guix time-machine): Add a note.
---
doc/guix.texi | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index eaecfd0daa..c29db13be6 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -60,7 +60,7 @@
Copyright @copyright{} 2018 Mike Gerwitz@*
Copyright @copyright{} 2018 Pierre-Antoine Rouby@*
Copyright @copyright{} 2018, 2019 Gábor Boskovits@*
-Copyright @copyright{} 2018, 2019, 2020 Florian Pelz@*
+Copyright @copyright{} 2018, 2019, 2020, 2022 Florian Pelz@*
Copyright @copyright{} 2018 Laura Lazzati@*
Copyright @copyright{} 2018 Alex Vong@*
Copyright @copyright{} 2019 Josh Holland@*
@@ -4834,6 +4834,13 @@ Invoking guix time-machine
large number of packages; the result is cached though and subsequent
commands targeting the same commit are almost instantaneous.
+@quotation Note
+Naturally, no security fixes can be provided for old versions of Guix
+or its channels. This also means that careless use of @command{guix
+time-machine} opens the door to downgrade attacks.
+@xref{Invoking guix pull, @option{--allow-downgrades}}.
+@end quotation
+
The general syntax is:
@example
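Review bot: the new note names "downgrade attacks" but does not say what such an attack would look like for @command{guix time-machine}, nor how @option{--allow-downgrades}, which belongs to @command{guix pull}, applies to time-machine; a reader following the cross-reference will not find the connection. Consider one sentence stating the concrete risk before the @xref, e.g. that being steered to an old commit yields packages with known, unfixed vulnerabilities, so the reference to @option{--allow-downgrades} reads as the related protection rather than an unexplained pointer.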

base-commit: 7502af793172714b2b322c21ba2379c698108ef2
--
2.38.0
Tobias Geerinckx-Rice wrote 2 years ago
(name . pelzflorian (Florian Pelz))(address . pelzflorian@pelzflorian.de)
8735af9i8b.fsf@nckx
Hi Florian,

and thanks for the patch.

pelzflorian (Florian Pelz) wrote:
> +@quotation Note
> +Naturally, no security fixes can be provided for old versions
> of Guix
> +or its channels. This also means that careless use of
> @command{guix
> +time-machine} opens the door to downgrade attacks.
> +@xref{Invoking guix pull, @option{--allow-downgrades}}.
> +@end quotation

‘Attack’ is a very big word. It should not end a paragraph. What
would the downgrade attack—distinct from a downgrade—look like?

Kind regards,

T G-R

pelzflorian (Florian Pelz) wrote 2 years ago
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
87wn7qn8rd.fsf@pelzflorian.de
Hi Tobias, thanks for your thoughts.

Tobias Geerinckx-Rice <me@tobias.gr> writes:
> pelzflorian (Florian Pelz) wrote:
>> @quotation Note
>> Naturally, no security fixes can be provided for old versions of Guix
>> or its channels. This also means that careless use of @command{guix
>> time-machine} opens the door to downgrade attacks.
>> @xref{Invoking guix pull, @option{--allow-downgrades}}.
>> @end quotation
> ‘Attack’ is a very big word. It should not end a paragraph. What
> would the downgrade attack—distinct from a downgrade—look like?

My choice of words was the same as in the unattended upgrades service,
but perhaps I should add before the @xref:

Suggestions to ``just use the time machine'' could be attempts to trick
people to use old software. But they can also get you back to a working
state.

Regards,
Florian
zimoun wrote 2 years ago
(address . 59383@debbugs.gnu.org)
86a64kk11y.fsf@gmail.com
Hi,

On Sat, 19 Nov 2022 at 18:39, "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> wrote:

>>> @quotation Note
>>> Naturally, no security fixes can be provided for old versions of Guix
>>> or its channels. This also means that careless use of @command{guix
>>> time-machine} opens the door to downgrade attacks.
>>> @xref{Invoking guix pull, @option{--allow-downgrades}}.
>>> @end quotation
>>
>> ‘Attack’ is a very big word. It should not end a paragraph. What
>> would the downgrade attack—distinct from a downgrade—look like?

Why not something like,

@quotation Note
The history of Guix is immutable and @command{guix time-machine}
provides the exact same software as they are in a specific Guix
revision. Naturally, no security fixes are provided for old versions
of Guix or its channels. A careless use of @command{guix time-machine}
opens the door to security vulnerabilities @xref{Invoking guix pull,
@option{--allow-downgrades}}.
@end quotation

?

Cheers,
simon
Ludovic Courtès wrote 2 years ago
Re: bug#59383: [PATCH] doc: Call out potential for downgrade attacks with time-machine.
(name . zimoun)(address . zimon.toutoune@gmail.com)
87pmdfifov.fsf_-_@gnu.org
Hi,

zimoun <zimon.toutoune@gmail.com> writes:

> @quotation Note
> The history of Guix is immutable and @command{guix time-machine}
> provides the exact same software as they are in a specific Guix
> revision. Naturally, no security fixes are provided for old versions
> of Guix or its channels. A careless use of @command{guix time-machine}
> opens the door to security vulnerabilities @xref{Invoking guix pull,
> @option{--allow-downgrades}}.
> @end quotation

I like that wording. Florian, WDYT?

Ludo’.
pelzflorian (Florian Pelz) wrote 2 years ago
(address . 59383-done@debbugs.gnu.org)
87o7szcahe.fsf@pelzflorian.de
zimoun’s wording is good; less alarmist. I used his words (with a
period before @xref, no French spacing and a less alarmist commit
message and Co-authored-by line). Pushed as
b8d4c323f5d089dd800b358143d5bae26c965404. Closing.

Regards,
Florian
Closed