Stop Trusting Nix Caches
14 hours ago
- #Nix
- #CI/CD
- #Security
- A binary cache that a machine trusts can serve any content for a store path: whoever holds the cache's signing key can replace a cached executable with a malicious build, and Nix will install it instead of building from source.
- Shared external caches widen that trust to everyone who can push to them, so a single compromised pusher gets remote code execution on every machine that uses the cache, and privilege escalation wherever the substituted path runs with elevated rights.
- When CI such as GitHub Actions pushes to the cache, the signing key is stored as a CI secret, and every contributor with write access to the repository can run a workflow that reads it, so each of them can sign and push arbitrary store paths.
- Per-flake caches narrow the blast radius to the users of one project, but anyone who can push to that project's cache can still ship malicious builds to them.
- Build services such as garnix and Hydra build and sign artifacts themselves, so the signing key never has to be handed to contributors and far fewer parties can push to the cache.
- Trustix decentralizes trust by comparing build outputs from several independent caches and accepting an artifact only when they agree, at the cost of extra complexity.
- Users should audit the substituters and trusted-public-keys entries in their nix.conf and remove every cache whose pushers they do not trust.
- Maintainers who run a shared cache should consider migrating to a build service like Hydra or garnix.
- Even caches run by garnix or Hydra can be compromised; they reduce the number of parties that must be trusted, not to zero.
- The post advocates for safer cache setups while acknowledging the benefits of caching in Nix.
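As an added example that is not part of the original post, the following POSIX shell script audits a nix.conf for substituters and trusted-public-keys entries that are not on an explicit allowlist, and also checks that every key has the shape of a 32-byte ed25519 public key. The cache.nixos.org entry and its key are the real well-known defaults; cache.example.org, its all-"A" key and the malformed entry are constructed sample input. The legacy setting names binary-caches and binary-cache-public-keys are checked as well, since a stale configuration may still use them.

```shell
#!/bin/sh
# Added example (not from the original post): audit a nix.conf for binary
# caches and signing keys that are not on an explicit allowlist.
# Only cache.nixos.org and its well-known key are allowed here; extend the
# two lists for caches you have deliberately decided to trust.

ALLOWED_SUBSTITUTERS="https://cache.nixos.org"
ALLOWED_KEYS="cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="

# Print the values of setting $1 from the nix.conf text on stdin, one line
# per matching "name = ..." or "extra-name = ..." line (extra-* lines append
# to the base setting, so both must be audited).
conf_values() {
    sed -n \
        -e "s/^[[:space:]]*extra-$1[[:space:]]*=[[:space:]]*//p" \
        -e "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p"
}

# Exit 0 if entry $2 appears in the space-separated allowlist $1.
is_allowed() {
    for a in $1; do
        [ "$2" = "$a" ] && return 0
    done
    return 1
}

# Exit 0 if $1 has the shape name:base64, where the base64 part is the
# length of an encoded 32-byte ed25519 key (44 characters ending in "=").
key_well_formed() {
    name=${1%%:*}
    key=${1#*:}
    [ -n "$name" ] && [ "$name" != "$1" ] || return 1
    [ ${#key} -eq 44 ] && [ "${key%=}" != "$key" ] || return 1
    case "$key" in
        *[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    return 0
}

# Audit the nix.conf on stdin: print one line per untrusted substituter,
# malformed key or untrusted key, then a "findings: N" summary line.
audit_nix_conf() {
    conf=$(cat)
    n=0
    # binary-caches / binary-cache-public-keys are the legacy aliases.
    subs=""
    for name in substituters binary-caches; do
        subs="$subs $(printf '%s\n' "$conf" | conf_values "$name")"
    done
    keys=""
    for name in trusted-public-keys binary-cache-public-keys; do
        keys="$keys $(printf '%s\n' "$conf" | conf_values "$name")"
    done
    for s in $subs; do
        if ! is_allowed "$ALLOWED_SUBSTITUTERS" "$s"; then
            echo "untrusted substituter: $s"
            n=$((n + 1))
        fi
    done
    for k in $keys; do
        if ! key_well_formed "$k"; then
            echo "malformed key: $k"
            n=$((n + 1))
        elif ! is_allowed "$ALLOWED_KEYS" "$k"; then
            echo "untrusted key: $k"
            n=$((n + 1))
        fi
    done
    echo "findings: $n"
}

# Constructed sample nix.conf for demonstration: cache.example.org and its
# all-"A" key are hypothetical, and the last key is deliberately malformed.
SAMPLE_CONF='# /etc/nix/nix.conf (constructed sample)
substituters = https://cache.nixos.org https://cache.example.org
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.example.org-1:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
extra-trusted-public-keys = broken-key-no-colon'

printf '%s\n' "$SAMPLE_CONF" | audit_nix_conf
```

Run it against /etc/nix/nix.conf and ~/.config/nix/nix.conf; the output of nix show-config reflects the merged result of every configuration source, so comparing its substituters and trusted-public-keys lines against the same allowlist is a useful cross-check.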