Ludovic Courtès <l...@gnu.org> writes: > Hello Divan, > > Divan Santana <di...@santanas.co.za> skribis: > >> If guix is installed on a system and configured to point to substitutes >> that the same nonroot user has access to submit and approve packages in, >> can that nonroot user on the system gain root. Therefore would one need >> to review the submitted packages to avoid the user gaining root. >> >> (This is talking about guix package manager on a foreign distro like >> RedHat) >> >> I'm guessing it's not possible. Though would be nice to have >> feedback from those that are more familiar with it. > > We owe this design to Eelco Dolstra et al. of Nix. There’s a very good > analysis in this paper: > > https://nixos.org/~eelco/pubs/secsharing-ase2005-final.pdf > > Hopefully it answers all your questions and more. If not, come back > here. :-)
Thanks Ludo. :-)
