Ok, in response to a lot of the different ideas raised here:

a) someone mentioned that there's no way to protect a user from
running a PKGBUILD which does "rm -rf /"... well, by the same notion,
there's no way to prevent a user from downloading a shell script which
simply does:
$ echo "enter the root password to install good stuff!"
$ su -c "rm -rf /"
it's all about caution and intelligence - though it'd be great for
everyone to be protected from themselves, it just won't happen...
there are wiki links to scripts that say "download this, chmod it, and
run it" - I can go change one of those links to the snippet mentioned
above, and careless users will run it... there's no "ultimate safety"

b) srcpac must run as root... I didn't know this... the following
could be a minor fix (off the top of my head):
function do_pacman()
{
   echo "the root password is required to continue:"
   su -c "pacman $@"
}
sed -i "[EMAIL PROTECTED]@[EMAIL PROTECTED]" /usr/bin/srcpac

with that in place, srcpac can build with fakeroot...protecting
against malicious PKGBUILDs, but that still wouldn't prevent bad
install scripts (shouldn't pacman validate this anyway, for security
purposes?)

c) why not just make a custom srcpac incarnation... srcpac-aur which
has a whole mess of "security" fixes?

d) when the AUR was being built, I was kind of expecting it to do some
sort of validation... right now it seems more like a formatted file
upload... yeah it makes sure the PKGBUILDs are valid and all that, but
I was expecting a bit more (perhaps a trial build on the AUR server?)
in terms of "keeping things sane"...

Aaron Griffin <phrakture>

_______________________________________________
arch mailing list
[email protected]
http://www.archlinux.org/mailman/listinfo/arch
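The privilege split sketched in point (b) above, written out as a stand-alone POSIX shell script. This is an added example, not srcpac's or pacman's own code: the build step is refused when the caller is root and otherwise runs as the unprivileged user (makepkg itself uses fakeroot for the package() step), and only the install step asks for the root password. The MAKEPKG, SU, PACMAN and BUILD_UID variables are hypothetical overrides so the functions can be exercised without the real tools.

```shell
#!/bin/sh
# Added example: keep a PKGBUILD build unprivileged, escalate only to install.
# MAKEPKG, SU, PACMAN and BUILD_UID are hypothetical overrides for testing.

# Refuse to build as root. A malicious PKGBUILD then runs with only the
# calling user's privileges instead of being able to "rm -rf /".
refuse_root_build() {
    uid=${1:-$(id -u)}
    if [ "$uid" -eq 0 ]; then
        echo "refusing to build packages as root; run as an unprivileged user" >&2
        return 1
    fi
    return 0
}

# Build in the given directory as the current user. makepkg runs the
# package() step under fakeroot itself, so no real root is needed here.
build_package() {
    dir=$1
    ( cd "$dir" && ${MAKEPKG:-makepkg} -f )
}

# The install step is the only place root is required; say so before su
# prompts, so the user knows why a password is being asked for.
do_pacman() {
    echo "the root password is required to install the package:" >&2
    ${SU:-su} -c "${PACMAN:-pacman} $*"
}

# Typical flow: check privileges, build unprivileged, then install as root.
# The BUILD_UID override only exists so the flow can be tested as any user.
srcpac_like() {
    dir=$1
    refuse_root_build "${BUILD_UID:-$(id -u)}" || return 1
    build_package "$dir" || return 1
    # With no built package the glob stays literal; pacman then reports the error.
    do_pacman -U "$dir"/*.pkg.tar*
}
```

Run it as a normal user with a directory containing a PKGBUILD: `srcpac_like ./somepkg`. The root password is only ever typed for the pacman -U step, never for build() or package().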
