Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't send plugin-files to the daemon. #7736

Merged
merged 2 commits into from
Feb 2, 2023
Merged

Don't send plugin-files to the daemon. #7736

merged 2 commits into from
Feb 2, 2023

Conversation

shlevy
Copy link
Member

@shlevy shlevy commented Feb 2, 2023

This is radically unsafe and the daemon has already loaded its plugins anyway.

Fixes cachix/devenv#276

@shlevy
Don't send plugin-files to the daemon.
92edc38 
This is radically unsafe and the daemon has already loaded its plugins
anyway.

Fixes cachix/devenv#276
@shlevy shlevy mentioned this pull request Feb 2, 2023
Merged
@edolstra
Copy link
Member

edolstra commented Feb 2, 2023

Wouldn't it be better to ignore this setting on the daemon side? Otherwise we're relying on the client not sending it.

@thufschmitt thufschmitt added bug security Security-related issues backport 2.13-maintenance Automatically creates a PR against the branch labels Feb 2, 2023
@shlevy
daemon: Warn on old clients passing unexpected plugin-files.
895c525 
The setting itself was already ignored due to exception trying to set pluginFiles.
@shlevy
Copy link
Member Author

shlevy commented Feb 2, 2023

@edolstra Added. I kept both sides, so that newer clients against older daemons wouldn't get the warning either.

@thufschmitt Perhaps my "it was radically unsafe" was misleading. In the status quo, what actually happens is the user gets a confusing warning message, but everything still works, since the attempt to set pluginFiles on the daemon side throws an exception but that exception is caught and swallowed. So this doesn't merit backport for security purposes, though it may be desirable to improve the warning message. The "radical unsafety" would be if this worked.

@shlevy shlevy mentioned this pull request Feb 2, 2023
Closed
@edolstra edolstra merged commit b574c70 into NixOS:master Feb 2, 2023
@github-actions github-actions bot mentioned this pull request Feb 2, 2023
Closed
@github-actions
Copy link

github-actions bot commented Feb 2, 2023

Successfully created backport PR for 2.13-maintenance:

@thufschmitt
Copy link
Member

@shlevy that's reassuring :) I thought the daemon would actually load the .so file 😅

Then indeed the backport is probably not warranted, I'll just close the PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edolstra edolstra Awaiting requested review from edolstra

@thufschmitt thufschmitt Awaiting requested review from thufschmitt

Assignees
No one assigned
Labels
backport 2.13-maintenance Automatically creates a PR against the branch bug security Security-related issues
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

devenv breaks when using nix-plugins
3 participants
@shlevy @edolstra @thufschmitt