On 5/3/05, Aaron Griffin <[EMAIL PROTECTED]> wrote:
> a) someone mentioned that there's no way to protect a user from
> running a PKGBUILD which does "rm -rf /"... well, by the same notion,
> there's no way to prevent a user from downloading a shell script which
> simply does:
> $ echo "enter the root password to install good stuff!"
> $ su -c "rm -rf /"
Good point. Actually, somebody could just download a malicious PKGBUILD via the AUR web interface and do makepkg/pacman -A without reading it, and that's it.

I have an idea on how to secure against any kind of dangerous PKGBUILDs/install scripts. In the past, when I was using Slackware, I worked on a package building tool similar to Arch's makepkg (I hadn't even heard about Arch yet). At some point I wanted to make it possible to allow "make install" to install files without passing any DESTDIR-like variable. I wrote a library to preload that wrapped fifteen functions such as fopen(), mkdir(), rmdir(), unlink() etc. It was based on the idea of installwatch (used mainly by checkinstall). Eventually I abandoned this project because there were so many different install procedures that supporting them all was just impossible.

However, I think that catching only destructive functions and preventing them from working (obviously, in the case of makepkg, only if they are about to destroy anything above $startdir/pkg) is a much simpler task. I will write some code, but expect the first results only tomorrow; today I'm going out in about an hour and a half.

-- 
Jaroslaw Swierczynski <[EMAIL PROTECTED]>
www.slackware.com | www.archlinux.org | www.juvepoland.com
_______________________________________________
arch mailing list
[email protected]
http://www.archlinux.org/mailman/listinfo/arch
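The mechanism Jaroslaw describes above (an installwatch-style LD_PRELOAD library that intercepts destructive libc calls and refuses them unless the target lies under $startdir/pkg), sketched as an added example that is not code from this thread, from makepkg, or from installwatch. It assumes a library named libpkgguard.so and an environment variable PKGGUARD_ROOT holding the permitted directory; both names are invented here. It wraps unlink() and unlinkat(); rmdir() and the other destructive calls would be wrapped the same way.

```c
/* pkgguard.c: LD_PRELOAD guard refusing deletes outside $PKGGUARD_ROOT.
 * Library name and variable name are assumptions made for this example;
 * with makepkg the root would be $startdir/pkg.
 *   gcc -shared -fPIC -o libpkgguard.so pkgguard.c -ldl
 *   PKGGUARD_ROOT="$startdir/pkg" LD_PRELOAD=./libpkgguard.so make install */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l)  /* glibc's value, in case _GNU_SOURCE came too late */
#endif

/* Canonicalise PATH without following a symlink in its last component:
 * realpath() the parent (it must exist for any delete to succeed), then
 * re-append the last component. Returns 0, or -1 with errno set. */
static int canonical_target(const char *path, char *out, size_t outlen)
{
    char tmp[PATH_MAX], parent[PATH_MAX], resolved[PATH_MAX];
    const char *base;
    if (strlen(path) >= sizeof tmp) { errno = ENAMETOOLONG; return -1; }
    strcpy(tmp, path);
    size_t n = strlen(tmp);
    while (n > 1 && tmp[n - 1] == '/') tmp[--n] = '\0';     /* drop trailing '/' */
    char *slash = strrchr(tmp, '/');
    if (slash == NULL)     { strcpy(parent, "."); base = tmp; }                 /* "f"   */
    else if (slash == tmp) { strcpy(parent, "/"); base = tmp + 1; }             /* "/f"  */
    else                   { *slash = '\0'; strcpy(parent, tmp); base = slash + 1; } /* "d/f" */
    if (strcmp(base, ".") == 0 || strcmp(base, "..") == 0) {  /* an existing directory */
        if (realpath(path, resolved) == NULL) return -1;
        snprintf(out, outlen, "%s", resolved);
        return 0;
    }
    if (realpath(parent, resolved) == NULL) return -1;
    int w = snprintf(out, outlen, "%s/%s", strcmp(resolved, "/") ? resolved : "", base);
    if (w < 0 || (size_t)w >= outlen) { errno = ENAMETOOLONG; return -1; }
    return 0;
}

/* 1 if PATH is strictly inside $PKGGUARD_ROOT, 0 if outside (the root itself
 * counts as outside), -1 if resolution fails (fail closed). Unset root = off. */
int pkgguard_allows(const char *path)
{
    const char *root = getenv("PKGGUARD_ROOT");
    if (root == NULL || *root == '\0') return 1;
    char rootc[PATH_MAX], target[PATH_MAX];
    if (realpath(root, rootc) == NULL) return -1;
    if (canonical_target(path, target, sizeof target) < 0) return -1;
    size_t rl = strlen(rootc);
    if (strncmp(target, rootc, rl) != 0) return 0;
    return target[rl] == '/';   /* whole component: /tmp/pkg must not match /tmp/pkgfoo */
}

static int refuse(const char *call, const char *path)
{
    fprintf(stderr, "pkgguard: refusing %s(\"%s\"): outside PKGGUARD_ROOT\n", call, path);
    errno = EPERM;
    return -1;
}

/* Wrapper: check first, then hand off to the real libc function. */
int unlink(const char *path)
{
    int ok = pkgguard_allows(path);
    if (ok <= 0) return ok == 0 ? refuse("unlink", path) : -1;
    int (*real)(const char *) = (int (*)(const char *))dlsym(RTLD_NEXT, "unlink");
    return real(path);
}

/* Modern rm -rf uses unlinkat(), so wrapping unlink() alone is not enough.
 * A path relative to dirfd is resolved through /proc/self/fd (Linux only). */
int unlinkat(int dirfd, const char *path, int flags)
{
    char buf[PATH_MAX];
    const char *p = path;
    if (dirfd != AT_FDCWD && path[0] != '/') {
        snprintf(buf, sizeof buf, "/proc/self/fd/%d/%s", dirfd, path);
        p = buf;
    }
    int ok = pkgguard_allows(p);
    if (ok <= 0) return ok == 0 ? refuse("unlinkat", p) : -1;
    int (*real)(int, const char *, int) =
        (int (*)(int, const char *, int))dlsym(RTLD_NEXT, "unlinkat");
    return real(dirfd, path, flags);
}

/* Self-test with two constructed temp dirs (our unlink() shadows libc's in
 * this process). Returns 0 on success, else the number of the failed step. */
int pkgguard_selftest(void)
{
    char root[] = "/tmp/pkgguard.XXXXXX", other[] = "/tmp/pkgguard.XXXXXX";
    char in[PATH_MAX], out[PATH_MAX];
    if (!mkdtemp(root) || !mkdtemp(other)) return 1;
    snprintf(in, sizeof in, "%s/keep", root);
    snprintf(out, sizeof out, "%s/precious", other);
    FILE *a = fopen(in, "w"), *b = fopen(out, "w");
    if (!a || !b) return 1;
    fclose(a); fclose(b);
    setenv("PKGGUARD_ROOT", root, 1);
    if (pkgguard_allows(in) != 1 || pkgguard_allows(out) != 0) return 2;
    if (unlink(out) != -1 || errno != EPERM || access(out, F_OK) != 0) return 3; /* blocked */
    if (unlink(in) != 0 || access(in, F_OK) == 0) return 4;                       /* allowed */
    if (unlinkat(AT_FDCWD, root, AT_REMOVEDIR) != -1) return 5;   /* the root itself: refused */
    unsetenv("PKGGUARD_ROOT");                                     /* guard off: clean up */
    return (rmdir(root) == 0 && unlink(out) == 0 && rmdir(other) == 0) ? 0 : 6;
}

int main(void) { int r = pkgguard_selftest(); printf("selftest: %d\n", r); return r; }
```

Two caveats a practitioner would want stated. First, LD_PRELOAD only reaches dynamically linked programs that go through libc: a statically linked binary, a program issuing raw system calls, or an install script that simply unsets LD_PRELOAD walks straight past it, and the dynamic loader ignores LD_PRELOAD for setuid binaries anyway, so this is a seatbelt against careless install scripts rather than a sandbox against a deliberately hostile PKGBUILD. Second, the path check and the real call are not one atomic step, so a component of the path could be swapped for a symlink in between; resolving the parent with realpath() narrows that window but does not close it.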
