Hello Divan, Divan Santana <[email protected]> skribis:
> If guix is installed on a system and configured to point to substitutes > that the same nonroot user has access to submit and approve packages in, > can that nonroot user on the system gain root. Therefore would one need > to review the submitted packages to avoid the user gaining root. > > (This is talking about guix package manager on a foreign distro like > RedHat) > > I'm guessing it's not possible. Though would be nice to have > feedback from those that are more familiar with it. We owe this design to Eelco Dolstra et al. of Nix. There’s a very good analysis in this paper: https://nixos.org/~eelco/pubs/secsharing-ase2005-final.pdf Hopefully it answers all your questions and more. If not, come back here. :-) Ludo’.
