andi- has quit [Remote host closed the connection]
andi- has joined #nixos-security
red[evilred] has quit [Quit: Idle timeout reached: 10800s]
kalbasit has quit [Ping timeout: 256 seconds]
watt801 has joined #nixos-security
watt801 has quit [Ping timeout: 256 seconds]
FRidh has joined #nixos-security
zarel has quit [Read error: Connection reset by peer]
zarel has joined #nixos-security
star_cloud has quit [Remote host closed the connection]
star_cloud has joined #nixos-security
zarel has quit [Ping timeout: 256 seconds]
zarel_ has joined #nixos-security
khaladrogo has joined #nixos-security
khaladrogo_lite has joined #nixos-security
FRidh has quit [Ping timeout: 265 seconds]
khaladrogo has quit [Ping timeout: 260 seconds]
khaladrogo_lite has quit [Remote host closed the connection]
khaladrogo_lite has joined #nixos-security
khaladrogo_lite has quit [Ping timeout: 264 seconds]
<gchristensen> has anyone tried coming up with a more restrictive set of privileges for nix-daemon based on systemd-analyze security's output?
<gchristensen> not sure, and untested, but I suspect we could remove @debug @module @swap @reboot @raw-io @clock
<__red__> drupal RCE
<__red__> I'm taking a look at it now.
<__red__> Okay - so that's interesting. We have drush, but no drupal
<IdleBot_4fae1f80> gchristensen: excuse my incompetence, but does this get inherited by builds? I am not sure we are ready to yank @clock if it includes gettimeofday… If @debug includes ptrace, I _want_ strace to be an option for debugging mysterious builds.
<gchristensen> clock lets you change the time of day, not set
<IdleBot_4fae1f80> OK, agree about @clock, probably @module @swap @reboot @raw-io should be unusable anyway because root, so why not forbid them just in case, and @debug I want to have as an option in builds. Not an option I want to need, but an option I want to have
<simpson> gchristensen: A fun idea; this is somewhat like BSD pledge(), right?
<simpson> Where once the capability is given up, it cannot be regained?
<ajs124> simpson: it's not exactly like pledge in that pledge is something the process does itself. so you do your setup, then you pledge()
<ajs124> with syscall filters, it's an external limitation imposed by systemd through the seccomp mechanism (if I'm not misremembering this)
FRidh has joined #nixos-security
justan0theruser has quit [Ping timeout: 272 seconds]
kalbasit has joined #nixos-security
justan0theruser has joined #nixos-security
kalbasit has quit [Ping timeout: 240 seconds]
<pie_> might be interesting? something something "Core scheduling is a feature that allows only trusted tasks to run concurrently on cpus sharing compute resources (eg: hyperthreads on a core). The goal is to mitigate the core-level side-channel attacks without requiring to disable SMT (which has a significant impact on performance in some situations)." https://lore.kernel.org/lkml/20201117232003.3580179-1-joel@joelfernandes.org/
<gchristensen> huh
<hexa-> 19:07 <anthraxx> auth against pam stuff like smtp where nullok is involved with pam_permit leading to successful auth against arbitrary non-existing accounts as they fall back to root if root has empty pw
<hexa-> is someone well versed in pam stuff and can check for that?
kalbasit has joined #nixos-security
tldr32- has joined #nixos-security
tldr32 has quit [Ping timeout: 240 seconds]
ris has joined #nixos-security
rajivr has quit [Quit: Connection closed for inactivity]
tilpner has quit [Quit: tilpner]
andi- has quit [Ping timeout: 272 seconds]
andi- has joined #nixos-security
justan0theruser has quit [Ping timeout: 240 seconds]
FRidh has quit [Quit: Konversation terminated!]
tilpner has joined #nixos-security
justanotheruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 272 seconds]