Hi, I have a question. When calling `nix-store --verify-path /nix/store/something`, it verifies that the contents of the store path haven't been altered by an attacker or some other corruption like bitflips or something, am I right?
It does so by comparing the hashsum of the directory contents with a hash sum stored in some database, am I right? How to know that the database isn't corrupt?

Following scenario: An attacker altered the libc of my system. The attacker knows how nix works and alters the hash stored in the database as well. Calling `nix-store --verify-path /nix/store/somehash-libc-something` exits without error now, as the hashes still match. Or am I getting something wrong here?

--
Kind regards,
Matthias Beyer

Proudly sent with mutt.
Happily signed with gnupg.
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
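The scenario in the question, modelled as an added example (not code from the post and not Nix's implementation): a hash check against a database stored beside the data, compared with a check against a hash recorded out of band. The `valid_paths` table, the `tree_hash` scheme, the `pinned` dictionary and the file contents are assumptions constructed for illustration.

```python
import hashlib, os, sqlite3, tempfile

def tree_hash(root):
    """SHA-256 over relative file paths and contents, walked in sorted order."""
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # make traversal order deterministic
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            h.update(os.path.relpath(full, root).encode() + b"\0")
            with open(full, "rb") as f:
                h.update(f.read() + b"\0")
    return h.hexdigest()

def verify_with_db(db, path):
    """Check against the hash stored next to the data (writable by the attacker)."""
    row = db.execute("SELECT hash FROM valid_paths WHERE path = ?", (path,)).fetchone()
    return row is not None and row[0] == tree_hash(path)

def verify_with_pinned(pinned, path):
    """Check against a hash recorded out of band (assumed not writable by the attacker)."""
    return pinned.get(path) == tree_hash(path)

def run_scenario():
    """Return (db_check, pinned_check) for each stage of the scenario."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "somehash-libc-something")  # stand-in store path
        os.mkdir(path)
        lib = os.path.join(path, "libc.so")
        with open(lib, "wb") as f:
            f.write(b"original library bytes")  # constructed sample content
        db = sqlite3.connect(":memory:")  # hypothetical schema, not Nix's
        db.execute("CREATE TABLE valid_paths (path TEXT PRIMARY KEY, hash TEXT)")
        db.execute("INSERT INTO valid_paths VALUES (?, ?)", (path, tree_hash(path)))
        pinned = {path: tree_hash(path)}  # reference copy kept elsewhere
        check = lambda: (verify_with_db(db, path), verify_with_pinned(pinned, path))
        results["clean"] = check()
        with open(lib, "wb") as f:
            f.write(b"modified library bytes")  # contents changed
        results["file_only"] = check()
        db.execute("UPDATE valid_paths SET hash = ? WHERE path = ?", (tree_hash(path), path))
        results["file_and_db"] = check()  # stored hash changed to match
        db.close()
    return results

if __name__ == "__main__":
    for stage, outcome in run_scenario().items():
        print(stage, outcome)
```

In this model the database check only detects changes made by something that cannot also write the database; the out-of-band reference still flags the path after both are altered.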