From debbugs-submit-bounces@debbugs.gnu.org Thu Oct 17 22:21:43 2019 Received: (at 37744) by debbugs.gnu.org; 18 Oct 2019 02:21:43 +0000 Received: from localhost ([127.0.0.1]:49084 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iLHtf-0001Kx-6Y for submit@debbugs.gnu.org; Thu, 17 Oct 2019 22:21:43 -0400 Received: from imta-35.everyone.net ([216.200.145.35]:39738 helo=imta-38.everyone.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iLHtZ-0001Km-VN for 37744@debbugs.gnu.org; Thu, 17 Oct 2019 22:21:41 -0400 Received: from pps.filterd (m0004961.ppops.net [127.0.0.1]) by imta-38.everyone.net (8.16.0.27/8.16.0.27) with SMTP id x9I2Es9e015246; Thu, 17 Oct 2019 19:21:36 -0700 X-Eon-Originating-Account: HQQaH7xPrdbLTsikNIxHpy2S7ZHo1Og4zAZ1W9JN0BU X-Eon-Dm: m0116293.ppops.net Received: by m0116293.mta.everyone.net (EON-AUTHRELAY2 - 32d0d199) id m0116293.5d97875f.2b6e6e; Thu, 17 Oct 2019 19:21:35 -0700 X-Eon-Sig: AQMHrIJdqSGvG3WSAQIAAAAD,4ddef3cdf42b38a43bfbb160ce21ea59 X-Eip: SVWxI_KHQOpUzQV7I-koheeuZOBEa2IMwfGVHBzDpDg Date: Thu, 17 Oct 2019 19:21:28 -0700 From: Bengt Richter To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#37744: Per-user profile directory hijack (CVE-2019-17365 for Nix) Message-ID: <20191018022128.GA1765@PhantoNv4ArchGx.localdomain> References: <87blujsqq0.fsf@gnu.org> <87y2xno85o.fsf@nckx> <87d0eyuqzd.fsf@gnu.org> <87mue2nkrj.fsf@nckx> <8736fttby6.fsf@gnu.org> <87tv89rnva.fsf@gnu.org> <878spksty3.fsf@gnu.org> <87blufny52.fsf@gnu.org> <878spjnqlo.fsf@nckx> <87k193ktk9.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87k193ktk9.fsf@gnu.org> User-Agent: Mutt/1.12.1 (2019-06-15) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-10-17_07:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1034 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=931 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910180021 X-Spam-Score: -0.4 (/) X-Debbugs-Envelope-To: 37744 Cc: 37744@debbugs.gnu.org, Tobias Geerinckx-Rice X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Bengt Richter Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.4 (-) Hi Ludo, Tobias, On +2019-10-17 22:25:58 +0200, Ludovic Courtès wrote: > Hallo! > > Tobias Geerinckx-Rice skribis: > > > Ludovic Courtès 写道: > >> See https://issues.guix.gnu.org/issue/37744 > > > > Will this be automatically linkified? > > Yes, I think so. > > >> # Upgrading > >> > >> On multi-user systems, we recommend upgrading the daemon now. > >> > >> To upgrade the daemon on a “foreign distro”, run something along > >> these > > > > Imperialist nitpick: why list the foreigners first? :-) > > > > Anti-imperialist nitpick: reversing the two allows using ‘other > > distributions’ instead of ‘foreign’ which always sounds a bit > > dismissive to my ears. > > > > End nitpick. > > That makes sense to me; I’m not satisfied with “foreign” either (I think > the inspiration came from FFIs, but still). Maybe “fellow distros”? > :-) Is not the important distinction whether the "foreign distro" can be generated with pure guix libre components using a pure guix tool chain vs not? Maybe define a (guix-auditable? "/") test and then s/foreign/non-guix-auditable/g in docs and discussions? Just a thought :) __ Regards, Bengt Richter