Are there any interesting #redteam or offensive security reports on cracking #guix or #nixos? I've always been curious what kind of challenges it would present in practice/how much difficulty the immutable store and containerization of packages would really pose, or if there are minor faults throughout the codebase that can easily be tracked down and exploited by professionals. But I haven't found any good posts on the matter.
@rml In normal operation, NixOS doesn't containerize packages. Manipulating $PATH to only have certain software available is good against accidentally using more than one should, but doesn't protect against rogue (or pwned) applications just calling stuff by its fully qualified /nix/store path, so I don't think that'd be much of an obstacle.