On Thu, Apr 16, 2015 at 11:33 PM Ertugrul Söylemez <ert...@gmx.de> wrote:

> > IMHO, "nix-env" should pass those options on to the daemon, i.e. it
> > should not be necessary to hard-code hydra.cryp.to as a global binary
> > cache for this to work.
>
> Actually I'm not sure whether this is such a good idea.  If it did, it
> would be a backdoor into fellow system users.  An attacker could
> construct a Nix expression that matches exactly another system user's
> expression.  Then the attacker builds it, but they tell Nix that they
> have a binary cache available for it, which delivers an infected version
> of the derivation.
>
> When the other system user tries to build the same expression, they find
> that it is already built, but it is actually the infected substitute
> injected by the attacker.
>

And that’s exactly why Nix won’t allow an untrusted user to use a custom
binary cache unless it is listed in `trusted-binary-caches` in `nix.conf`.
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
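
A simplified model of the check described in the reply above, as an added example that is not part of the original message and is not Nix's own code. The function names, the sample `nix.conf`, the `cache.example.invalid` URL, the trailing-slash normalisation and the choice to also allow the daemon's configured `binary-caches` are assumptions of this sketch.

```python
# Simplified model of the trust check discussed in this thread.
# Illustration only: this is not how the Nix daemon is implemented.

# Constructed sample configuration (hydra.cryp.to is the cache named in the thread).
SAMPLE_NIX_CONF = """\
# constructed sample nix.conf
binary-caches = https://cache.nixos.org/
trusted-binary-caches = http://hydra.cryp.to
"""


def parse_nix_conf(text):
    """Return {option: [values]} from 'name = value ...' lines; '#' starts a comment."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            conf[name.strip()] = value.split()
    return conf


def _norm(url):
    # Assumption of this model: URLs are compared ignoring a trailing slash.
    return url.rstrip("/")


def filter_requested_caches(conf, requested, user_is_trusted):
    """Split the caches a client asks for into (accepted, rejected).

    A trusted user may name any cache. An untrusted user may only name
    caches the administrator already listed, so they cannot make the
    shared store accept substitutes from a server they control.
    """
    if user_is_trusted:
        return list(requested), []
    allowed = {_norm(u)
               for key in ("binary-caches", "trusted-binary-caches")
               for u in conf.get(key, [])}
    accepted = [u for u in requested if _norm(u) in allowed]
    rejected = [u for u in requested if _norm(u) not in allowed]
    return accepted, rejected


if __name__ == "__main__":
    conf = parse_nix_conf(SAMPLE_NIX_CONF)
    wanted = ["http://hydra.cryp.to", "http://cache.example.invalid"]
    print(filter_requested_caches(conf, wanted, user_is_trusted=False))
```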
