• lily33
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    /nix/store is immutable. But there are some files in other places like /etc and /var that are mutable. Also I (or a malicious executable) could, in theory, delete store symlinks and replace them with mutable files. Impermanence helps, but you’ll still want some mutable state.

    Fully immutable systems have everything outside of /home read-only. NixOS is not one of them.

    • baduhai@sopuli.xyz
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I see.

      I don’t really get the malicious software point though. All immutable distros have a mechanism for changing, after all they need to be updated. If a malicious executable has root access, which is what you need to change symlinks on NixOS (I know services often get their own user, but unless modified, only root has access to those users), then these malicious executables could also leverage whatever mechanism for change other immutable distros have, to do malicious things, no?

      Though I do agree with you, now, that NixOS isn’t immutable.

      • lily33
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        There are ways to secure the update process. For example, you can enable secure boot and store your secure boot keys encrypted (or on a smart card). Then (if a full chain of trust is implemented) to update your system, you’d need to enter the private key password (or insert the smart card), and a root-access executable couldn’t to that automatically.

        • baduhai@sopuli.xyz
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Yeah, but do other distros do this though? Not that I’m aware.

          And surely the same could be done to NixOS, no?

          • lily33
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 year ago

            I think it can in theory, but there will be some problems. But most likely Silverblue or something else would have its own problems trying to implement something like that - I don’t have any experience with them and don’t know how they’d compare.