On Wed, Aug 01, 2007 at 12:41:35AM +0100, Andrew Fyfe wrote:
Jason Chu wrote:
Note of warning!! Do not use these scripts on any PKGBUILDs you don't trust! They source every PKGBUILD to obtain the information - if a single PKGBUILD has rm -rf ~ you'd lose your home directory. You've been warned. ;) (of course you could run it in a sandbox as well, but yeah.)
The new way I parse PKGBUILDs in namcap really rocks for not trusting PKGBUILDs. Apparently bash has a --restricted mode. You have to override the PATH variable to make sure they can't execute any commands, but that's about it.
http://projects.archlinux.org/git/?p=namcap.git;a=blob;f=parsepkgbuild;h=68a...
This script basically outputs a PKGBUILD in db format.
Are you sure 'source $1' works with --restricted mode? It doesn't for me.
If you wanted to be really paranoid you could use
TMPDIR=$(mktemp -d /tmp/parsepkgbuild.XXXXXX)
PKGBUILD=$(readlink -f "$1")
cd "$TMPDIR"

# Start a bash shell with a clean environment.
env -i \
    TERM="$TERM" HOME="$TMPDIR" PATH="$TMPDIR" \
    CARCH="$CARCH" PKGBUILD="$PKGBUILD" \
    /bin/bash --noprofile --norc << EOF
# Make PATH readonly to stop the PKGBUILD from changing it
readonly PATH
source "$PKGBUILD"
EOF
This doesn't protect from executing arbitrary commands in the PKGBUILD. You can't use absolute paths in restricted mode. But you can change to the PKGBUILD directory before parsing it and then execute a restricted shell (resulting in a huge performance loss, because you need to spawn a shell process for each PKGBUILD).

Enclosed.

Jürgen
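The following is an added example, not code from this thread or from namcap, that puts the two replies together: Andrew's clean environment (env -i, an empty directory as the only PATH entry, PATH read-only) and Jürgen's point that a restricted shell refuses to source a path containing a slash, so the parser must cd into the package directory first and source the PKGBUILD by bare name. The function names (parse_pkgbuild, make_sample_pkgbuild, demo) and the sample PKGBUILD are constructed for this example; it assumes a bash with -r support, plus readlink, mktemp and env from coreutils.

```shell
#!/bin/bash
# Added example (not from the thread): extract PKGBUILD metadata under a
# restricted, clean-environment bash so that variables come out but the
# commands in the file cannot run or write anywhere. Names are our own.

# parse_pkgbuild FILE -> prints pkgname=, pkgver= and depends= lines.
# Returns 1 on setup failure, 2 if the PKGBUILD managed to write into its
# sandbox HOME (i.e. the containment did not hold).
parse_pkgbuild() {
    local pkgbuild dir sandbox bash_bin rc
    pkgbuild=$(readlink -f "$1") || return 1
    dir=$(dirname "$pkgbuild")
    # Resolve bash here: once PATH points at the empty sandbox, env could
    # not find it any more (that is why the thread uses /bin/bash).
    bash_bin=$(command -v bash) || return 1
    # One empty directory serves as HOME and as the only PATH entry, so every
    # external command the PKGBUILD calls (rm, curl, touch ...) is "not found".
    sandbox=$(mktemp -d) || return 1

    # env -i drops inherited variables. bash -r forbids cd, assigning PATH,
    # output redirection (>, >>, 2>), exec and command names containing '/'.
    # It also forbids "source" of a path with a slash; sourcing by bare name
    # searches PATH (empty) and then the current directory, which is why the
    # cd happens in this outer, unrestricted shell before bash -r starts.
    ( cd "$dir" && env -i HOME="$sandbox" PATH="$sandbox" \
          PKGBUILD="$(basename "$pkgbuild")" \
          "$bash_bin" --noprofile --norc -r -c '
              readonly PATH          # already enforced by -r; belt and braces
              source "$PKGBUILD"     # hostile lines fail loudly on stderr
              printf "pkgname=%s\n" "$pkgname"
              printf "pkgver=%s\n"  "$pkgver"
              printf "depends=%s\n" "${depends[*]}"
          ' )
    rc=$?
    # rmdir only succeeds on an empty directory: anything the PKGBUILD wrote
    # into its HOME shows up here as a containment failure.
    rmdir "$sandbox" 2>/dev/null || { echo "sandbox not empty: $sandbox" >&2; return 2; }
    return "$rc"
}

# Constructed sample PKGBUILD (not a real package). Besides its metadata it
# tries to run a command and to write a file: harmless stand-ins for the
# "rm -rf ~" case from the thread.
make_sample_pkgbuild() {
    cat > "$1/PKGBUILD" <<'EOF'
pkgname=example-pkg
pkgver=1.2.3
pkgrel=1
arch=('i686' 'x86_64')
depends=('glibc' 'zlib')
touch "$HOME/pwned"            # blocked: nothing on the empty PATH
echo pwned > "$HOME/pwned"     # blocked: bash -r refuses output redirection
build() {
    cd "$srcdir/$pkgname-$pkgver"
    make
}
EOF
}

# Build a scratch package directory, parse it, and report the outcome.
demo() {
    local work
    work=$(mktemp -d) || return 1
    make_sample_pkgbuild "$work"
    echo "== parsing $work/PKGBUILD under restricted bash =="
    if parse_pkgbuild "$work/PKGBUILD"; then
        echo "== contained: sandbox HOME still empty after sourcing =="
    else
        echo "== containment FAILED =="
    fi
    rm -rf "$work"
}

demo
```

Running it prints the three metadata lines on stdout while the two hostile lines produce "command not found" and "restricted" diagnostics on stderr; the rmdir check at the end is the part worth keeping in a real parser, since it turns "I hope nothing ran" into a test that fails when something did. As Jürgen notes, one shell per PKGBUILD is slow, which is the price of not evaluating untrusted bash in your own process.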