Encapsulating a 3rd party script into Conductor/Holonix/DNA rules

Hi everyone, I’m trying to wrap my head around a potential use case for Holochain and what the resulting architecture looks like.

Let’s say we have a 3rd party piece of software like flux that reads the system time and prints the desired screen temperature to the stdout of a shell. My Holochain app would require users to download this script, run it using a Rust Process Command, listen for the stdout and report the contents to their Source Chain every hour.

My first thought on how this would work is that the DNA of the hApp would employ NixOS’s package manager to download and set up the script within the nix environment. However, a dishonest player of the ‘what temperature should my screen be’ game could simply log into the nix-shell and change the script contents, or rename the PATH variable so that the script executed is an alternate version.

In summary:

  • How ‘rigid’ can we make our nix environments, and can users tamper with scripts once they start up their Holochain conductors inside the nix environment?
  • How can we include 3rd party scripts in our games without users tampering with them?
  • Is there a validation or hashing mechanism by which we can ensure users in the game were running a valid environment and correct version of the script?

@guillemcordoba can I get your opinion on this one?

Hi @_pyramid, of course :)

Unfortunately, from inside a Holochain DNA we have absolutely no control whatsoever over NixOS or anything else in the environment where the conductor is running. If we did, this would be a huge security attack surface. We also don’t have access to the system terminal or anything similar.

This is because our DNA code runs in sandboxed WASM inside the conductor, which only exposes a limited set of functions that the WASM is able to call, all of them related to Holochain in some way (create_entry, agent_info, etc.).

So basically to do something like this you have to ask the user to install the script separately on their own machine, and you can’t force anyone to have anything installed on their machine or check that they have with some hash, since they can lie about it and we have no way of verifying this. This is why validation rules exist, but they can only check things that are happening inside the DHT.

I’m curious though, what is your use case and why do you want to verify something so specific?

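The limit described in the reply above, as an added example that is not part of the thread and is not Holochain code: a validation rule sees only the fields of a committed entry, so a self-reported script digest proves what was written, not what was executed. The `Report` type, the `validate` function, the sample scripts and the use of `DefaultHasher` in place of a cryptographic hash are all assumptions made for illustration.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Stand-in digest so the example needs no crates; a real app would use SHA-256.
pub fn digest(bytes: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    bytes.hash(&mut h);
    h.finish()
}

// Hypothetical hourly entry (not a Holochain type). Both fields are claims
// made by the agent's own machine.
pub struct Report {
    pub script_digest: u64, // digest the agent says its script has
    pub stdout: String,     // output the agent says the script printed
}

// Hypothetical validation rule: its only input is the entry itself.
pub fn validate(report: &Report, expected_digest: u64) -> bool {
    report.script_digest == expected_digest
}

// Constructed sample scripts.
pub const OFFICIAL: &[u8] = b"#!/bin/sh\necho 6500K\n";
pub const MODIFIED: &[u8] = b"#!/bin/sh\necho 1000K\n";

// Client that hashes the script it actually ran.
pub fn measured_report(script: &[u8], stdout: &str) -> Report {
    Report { script_digest: digest(script), stdout: stdout.to_string() }
}

// Client that copies the published digest into the entry without measuring
// anything; the script it ran never reaches the validator.
pub fn copied_digest_report(published: u64, stdout: &str) -> Report {
    Report { script_digest: published, stdout: stdout.to_string() }
}

fn main() {
    let expected = digest(OFFICIAL);
    let cases = [
        ("official script, measured", measured_report(OFFICIAL, "6500K")),
        ("modified script, measured", measured_report(MODIFIED, "1000K")),
        ("modified script, copied digest", copied_digest_report(expected, "1000K")),
    ];
    for (label, report) in &cases {
        let ok = validate(report, expected);
        println!("{label}: stdout={} accepted={ok}", report.stdout);
    }
}
```

The third case is accepted even though its output came from a different script, which is why the digest check adds no assurance about the agent's environment.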