Sorry, the first one went the wrong direction...

Hi,

* Jason wrote 02 May 2005:
> > > That said, I'm also of the opinion that the AUR should verify
> > > PKGBUILDs... when I first heard the idea of the AUR, I thought that it
> > > would include some checking (ala namcap) to verify a PKGBUILD. I
> > > don't know if namcap is used on an upload or not - but I feel it
> > > should be done, and that namcap can be extended to check for certain
> > > attacks... yes, this won't cover everything, but pacman should deal
> > > with the rest (i.e. the worst someone can do is overwrite some system
> > > files... in which case pacman would require a "force").
> >
> > It becomes very difficult to do this with any degree of guaranteed
> > benefit. Consider that srcpac -S must be run as root. Then consider that
> > any command in the PKGBUILD ends up getting run as root. So if my
> > build() function contains "rm -rf /" then there goes your hard drive.
> >
> > Supposing, like you say, I have some checks for nasty things in place.
> > So then suppose I ship an additional script in my tarball that cleverly
> > builds the string "rm -rf /" and assembles it and executes it, so it's
> > impossible to check for its existence. Now I call it from the PKGBUILD.
> > It's all too easy.
> >
> > Does anyone have any ideas on how to make this safer? It wouldn't seem
> > like a good idea in general for packages to be getting built as root in
> > srcpac, so fixing this more generic problem is maybe a good idea. For
> > one, could there be a way to run the whole srcpac makepkg process in a
> > chroot jail?
> I don't know too much about it, but wouldn't it be possible to tell
> 'makepkg' that directories other than the build directory are
> 'non-existent'!? At least then you are able to find the packages with
> 'pacman', can adjust and/or build them with 'makepkg' and install them
> using 'pacman' again.

In addition to the 'makepkg' adjustment, there should be some 'srcpac' feature so that only supported packages are built and installed; the unsupported ones are just built.

Hope that doesn't sound too stupid.

-- 
Fabian Braennstroem
Duesseldorf/Berlin
_______________________________________________
arch mailing list
[email protected]
http://www.archlinux.org/mailman/listinfo/arch
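Added example for this page, illustrating the point made in the quoted message about checking PKGBUILDs for "rm -rf /". This is not code from the thread, from makepkg or from namcap; the two PKGBUILDs, the helper script and the function names naive_check and trace_rm are constructed here. It shows a grep-style checker catching the command when it is written out, and passing it when a shipped helper script assembles the same command from fragments and eval's it, which is only revealed by running build().

```shell
#!/bin/sh
# Added example for this page, not code from the thread, from makepkg or from
# namcap. It constructs two tiny PKGBUILDs: one that spells out "rm -rf /" and
# one that assembles the same command at run time in a helper script, as the
# quoted message describes. A grep-style checker catches the first and
# passes the second; only running build() reveals what the second does.
# naive_check and trace_rm are names chosen here.

WORK="$(mktemp -d)"     # scratch tree; left in place for inspection

# Static check: flag any file under a package directory whose text contains
# a known-bad command. Returns 0 (clean) or 1 (flagged).
naive_check() {
    if grep -rEq 'rm[[:space:]]+-rf[[:space:]]+/([[:space:]]|$)' "$1"; then
        return 1
    fi
    return 0
}

# Dynamic check, demo only: run build() in a subshell where PATH is empty and
# rm is shadowed by a function that just records its arguments, then print
# what rm would have been invoked with. A hostile PKGBUILD can evade this too
# (/bin/rm, "command rm", dd, or any other destructive tool), which is the
# point of the quoted message: only running build() without root privileges
# actually limits the damage.
trace_rm() {
    (
        srcdir="${1%/*}"          # makepkg exposes the unpacked tree as $srcdir
        PATH=''
        rm() { printf 'rm %s\n' "$*"; }
        . "$1"
        build
    )
}

# Constructed sample 1: the dangerous command appears verbatim.
mkdir -p "$WORK/blatant"
cat > "$WORK/blatant/PKGBUILD" <<'EOF'
pkgname=evil
build() {
    rm -rf /
}
EOF

# Constructed sample 2: the PKGBUILD only sources a helper shipped alongside
# it, and the helper builds the command from fragments before eval'ing it, so
# no line in either file contains the pattern the checker looks for.
mkdir -p "$WORK/evasive"
cat > "$WORK/evasive/PKGBUILD" <<'EOF'
pkgname=evil
build() {
    . "$srcdir/helper.sh"
}
EOF
cat > "$WORK/evasive/helper.sh" <<'EOF'
verb="r""m"
flags="-r""f"
target=/
eval "$verb $flags $target"
EOF

# Compare the static verdict with what build() actually executes.
for variant in blatant evasive; do
    if naive_check "$WORK/$variant"; then verdict=clean; else verdict=flagged; fi
    printf '%s: static check says %s; build() would run: %s\n' \
        "$variant" "$verdict" "$(trace_rm "$WORK/$variant/PKGBUILD")"
done
```

The static pass flags the blatant package and clears the evasive one, while trace_rm reports "rm -rf /" for both. Shadowing rm with a function is only safe here because the samples are constructed; it is not a sandbox, since a build() can bypass it just as easily as it bypasses the grep. That is the reason the quoted message's question about running the build as something other than root (unprivileged user, chroot) is the one worth pursuing rather than better pattern matching.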
