[Nix-dev] Malicious installation methods

Eelco Dolstra eelco.dolstra at logicblox.com
Fri Jun 17 15:31:49 CEST 2016


Hi,

On 06/17/2016 03:02 PM, Ertugrul Söylemez wrote:

> For marketing reasons it may be beneficial to attach a security note to
> that command, such that people understand why it's really not any less
> secure than other methods.  Alternatively get rid of the pattern and
> distribute a bunch of tarballs instead.  In other words: perform the
> installation on Hydra, tar it, then provide platform-specific tars.

The installation section of the manual had info on how to install a binary
tarball directly, but this was lost accidentally. I've restored it in
f94a804cedc2bebe564e463bd2567da03a57204b.

We can also GPG-sign the installer script and/or the binary tarballs. That would
provide some protection against the case where the nixos.org webserver is
compromised.

> One interesting point is that little of the installation really requires
> root permissions.  Users could be asked to create the `/nix` directory
> and optionally a bunch of build users as root and then let the script do
> its job without root.  That way the script never needs to switch users.

This is already the case (as noted on the download page): if /nix exists and is
writable, then you don't need to have sudo root access.

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
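As an added illustration of the two points in this reply (verify a signature on the downloaded artifact before running it, and escalate to root only when /nix is missing or not writable), here is a small POSIX shell pre-install check. It is example code written for this page, not part of the Nix installer or the project's tooling; the detached `.sig` file naming, the `EXPECTED_FPR` key fingerprint placeholder, and the `needs_root` / `verify_signature` helper names are assumptions, since the thread only proposes GPG signing without specifying a format.

```shell
#!/bin/sh
# Added example (not from the thread or the Nix project): a pre-install check
# that follows the two points in the message above.
#   1. Verify a detached GPG signature on the downloaded tarball/installer
#      before running anything from it (signature file name and key
#      fingerprint are assumptions).
#   2. Only escalate to root when /nix is missing or not writable; otherwise
#      the installer can run as the current user.
set -u

# Fingerprint of the key expected to have signed the artifact. Placeholder:
# replace with the project's published signing-key fingerprint.
EXPECTED_FPR="${EXPECTED_FPR:-0000000000000000000000000000000000000000}"

# needs_root DIR: exit 0 (true) if installing into DIR requires root,
# i.e. DIR does not exist or is not writable by the current user.
needs_root() {
    dir=$1
    if [ -d "$dir" ] && [ -w "$dir" ]; then
        return 1
    fi
    return 0
}

# verify_signature FILE SIG: exit 0 only if SIG is a good detached signature
# over FILE made by the key with fingerprint EXPECTED_FPR.
# Returns 2 if gpg is not installed, 1 on a bad or missing signature.
verify_signature() {
    file=$1
    sig=$2
    command -v gpg >/dev/null 2>&1 || return 2
    # --status-fd 1 emits machine-readable "[GNUPG:] VALIDSIG <fpr> ..." lines
    # for good signatures; require the fingerprint to match rather than
    # accepting any key that happens to be in the keyring.
    gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null \
        | grep -q "^\[GNUPG:\] VALIDSIG $EXPECTED_FPR "
}

# main TARBALL SIG: refuse to continue on a bad signature, then report
# whether root is needed to prepare /nix.
main() {
    tarball=$1
    sig=$2
    if verify_signature "$tarball" "$sig"; then
        rc=0
    else
        rc=$?
    fi
    case $rc in
        0) echo "signature OK: $tarball" ;;
        2) echo "gpg not installed; cannot verify $tarball" >&2; return 2 ;;
        *) echo "BAD or missing signature for $tarball; refusing to continue" >&2; return 1 ;;
    esac
    if needs_root /nix; then
        echo "/nix is missing or not writable: create it as root first, then rerun this as your own user"
    else
        echo "/nix exists and is writable: unpack and install as the current user, no sudo needed"
    fi
}

# Usage: sh nix-precheck.sh nix-binary-tarball.tar.xz nix-binary-tarball.tar.xz.sig
if [ "$#" -ge 2 ]; then
    main "$@"
fi
```

The fingerprint match on the `VALIDSIG` status line is the part that matters: a bare `gpg --verify` exit status of 0 only says that some key in the local keyring produced the signature, which is not the same as the artifact having been signed by the project's key.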
