On Wed, Aug 01, 2007 at 12:41:35AM +0100, Andrew Fyfe wrote:
Jason Chu wrote:
Note of warning!! Do not use these scripts on any PKGBUILDs you don't trust! They source every PKGBUILD to obtain the information - if a single PKGBUILD has rm -rf ~ you'd lose your home directory. You've been warned. ;) (of course you could run it in a sandbox as well, but yeah.)
The new way I parse PKGBUILDs in namcap really rocks for not trusting PKGBUILDs. Apparently bash has a --restricted mode. You have to override the PATH variable to make sure they can't execute any commands, but that's about it.
http://projects.archlinux.org/git/?p=namcap.git;a=blob;f=parsepkgbuild;h=68a...
This script basically outputs a PKGBUILD in db format.
Are you sure 'source $1' works with --restricted mode? It doesn't for me.
What do you mean? You tried the script and it doesn't work on your machine? That's weird because I've had a number of people use it with no problems...
If you wanted to be really paranoid you could use
TMPDIR=$(mktemp -d /tmp/parsepkgbuild.XXXXXX)
PKGBUILD=$(readlink -f "$1")

cd "$TMPDIR"

# Start a bash shell with a clean environment.
env -i \
    TERM=$TERM HOME=$TMPDIR PATH=$TMPDIR \
    CARCH=$CARCH PKGBUILD=$PKGBUILD \
    /bin/bash --noprofile --norc << EOF
# Make PATH readonly to stop the PKGBUILD from changing it
readonly PATH
source "$PKGBUILD"
...
EOF
True... I'll probably end up using parts of that. Might as well give the PKGBUILD a clean environment ;) Except, doesn't that still let the user execute programs in any other directory (/usr/bin/rm) and also cd to any other directory? Those were two things that I really relied on --restricted to help with.

Jason
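The containment the thread is after, as an added example that is neither the namcap parsepkgbuild script nor Andrew's snippet: the PKGBUILD text is piped in as the script of a restricted bash whose only PATH entry is an empty temp dir (set before -r takes effect, since restricted mode only forbids changing PATH, not inheriting a dangerous one), so `source` of a slashed path, which restricted mode forbids, is never needed; the function then checks that none of the constructed PKGBUILD's side effects landed. Assumes `bash` and `mktemp -d` are available on the outer PATH.

```shell
#!/bin/sh
# Added demo, not the namcap parser: run a PKGBUILD inside a restricted
# bash whose only PATH entry is an empty temp dir, then check nothing leaked.

# Constructed PKGBUILD: the metadata we want plus the side effects the thread
# worries about (harmless marker files, a cd and a PATH change).
SAMPLE_PKGBUILD='pkgname=demo
pkgver=1.0
pkgrel=1
touch "$HOME/marker-path"          # PATH lookup: empty PATH, command not found
/usr/bin/touch "$HOME/marker-abs"  # restricted: cannot specify "/" in command names
cd /                               # restricted: cd is refused
PATH=/usr/bin                      # restricted: PATH is readonly
echo leak > "$HOME/marker-redir"   # restricted: output redirection is refused
'

# Print "pkgname pkgver" for the PKGBUILD in $1. The file is piped in as the
# shell script itself, so no `source /path/with/slash` (forbidden under -r) is
# needed; refused commands report on stderr (discarded here) and do not abort.
parse_pkgbuild() {
    jail=$(mktemp -d)                    # empty dir: HOME and the whole PATH
    bashbin=$(command -v bash)           # resolved here: env -i hides our PATH
    { printf '%s\n' 'readonly PATH'
      cat "$1"
      printf '\n%s\n' 'printf "%s %s\n" "$pkgname" "$pkgver"'
    } | env -i HOME="$jail" PATH="$jail" \
        "$bashbin" --restricted --noprofile --norc 2>/dev/null
    leaked=$(ls -A "$jail")              # anything created would land in $jail
    rm -rf "$jail"
    [ -z "$leaked" ]                     # fail if the PKGBUILD got anything through
}

# Run the sample through the parser: succeeds only if the metadata came out
# and no marker file appeared.
demo() {
    f=$(mktemp)
    printf '%s' "$SAMPLE_PKGBUILD" > "$f"
    out=$(parse_pkgbuild "$f") && [ "$out" = "demo 1.0" ]
    status=$?
    rm -f "$f"
    return $status
}

demo && echo "parsed safely: restricted bash kept the PKGBUILD contained"
```

Drop the `2>/dev/null` to see exactly which lines bash refused and why; every refusal is non-fatal, so the metadata still comes out.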