Hi, 'rm -rf /' works on debian and debian like systems. I tried it in a virtual machine. I used Debian for 4 years before I moved to arch two weeks ago. I find the fakeroot a good security wall. A always use it. Tom Kanocz, Slovakia Colin Pitrat wrote:
You guys DO know that 'rm -rf /' is a harmless command that simply exits with an error message? You should use 'rm -rf /*' to kill someone's system.
You say that hoping that some of us will try 'rm -rf /' ?
By the way, I fear 'rm -rf ~' as standard user as much as I fear 'rm -rf /' as root (call me believer, I'm pretty sure it works on some systems).
Regards, Colin Pitrat
Just think of what this would do as root in a PKGBUILD:
build() { echo "You've been pwned!!!" rm -rf / }
Be sure to check .install files too. They can also contain rm -rf / in post_install, those are executed by root when you install the
Jan de Groot schrieb: package ;)
However, the problem with makepkg as root can be more subtle: If a broken PKGBUILD or Makefile installs files into / instead of ${startdir}/pkg, files will be missing in your package. However, you will not notice it, as the files are present in your system, and there won't be any error messages during the build process.
I met a user on IRC once who claimed his PKGBUILD and the resulting package were fine, but the package was indeed empty, instead makepkg installed all files directly into his system - these files were now unknown to pacman.
Worst case (apart from a malicious PKGBUILD) is that you overwrite critical system configuration files or libraries and render your system unusable.
[attachment "signature.asc" deleted by Colin Pitrat/NCE/AMADEUS]