On 17.05.2014 14:40, Roland Tapken wrote:
Hi,
I've been using Arch for about half a year on a few systems, but every time I install something from AUR I ask myself one question:
Why is it considered dangerous to run makepkg as root?
My first guess was that the PKGBUILD usually comes from an untrusted source and may contain code to attack my system (copy personal data or install a rootkit or something like that). But on the other hand, this file tells makepkg how to build the package that will be installed as root, so if the author of the PKGBUILD has bad purposes he will just put that code into the created package.
The second idea is that this advice should prevent the script from *accidentally* damaging my system. But this could be prevented by using fakeroot (which is disabled when calling makepkg with --asroot according to the manpage) or chroot. And actually the proper advice in this case should be to execute makepkg using a user dedicated for this, as for most Arch users it would be worse if their personal files got deleted than if the system became unbootable.
Regards,
Roland
Hey Roland,

there is a general security principle called "Principle of least privilege", which roughly says that one should give a user/process/... only the minimum of privileges it needs to accomplish its tasks.

makepkg does not need root privileges to build packages, so do not give those to it. makepkg does a lot of crazy things - downloading stuff, executing scripts and complex programs (compilers, ...) - a single bug in one of those can render your system unusable, when executed as root.

I think your idea of a dedicated user is great and would implement the principle mentioned above even better.

[0] https://en.wikipedia.org/wiki/Principle_of_least_privilege

Cheers,
ushi
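The dedicated build user discussed in this thread, as an added example that is not part of either message: a wrapper that verifies the account is really unprivileged and then runs makepkg as that account. The account name `aurbuild`, the function names, the return codes and the assumption that `wheel`/`sudo` are the admin groups are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread.
# BUILD_USER is a hypothetical account name for the dedicated build user.
BUILD_USER="${BUILD_USER:-aurbuild}"

# check_build_user NAME
# Return codes: 0 = usable, 2 = account is root (UID 0),
#               3 = account does not exist, 4 = account is in an admin group.
check_build_user() {
    user="$1"
    uid=$(id -u "$user" 2>/dev/null) || return 3
    [ "$uid" -ne 0 ] || return 2
    # Assumption: wheel/sudo are the groups granted sudo rights on this system.
    for g in $(id -Gn "$user"); do
        case "$g" in
            wheel|sudo) return 4 ;;
        esac
    done
    return 0
}

# run_makepkg DIR [makepkg args...]
# Build in DIR as BUILD_USER, regardless of who invoked the wrapper, so the
# PKGBUILD can touch neither system files nor the caller's personal files.
run_makepkg() {
    dir="$1"; shift
    check_build_user "$BUILD_USER" || {
        rc=$?
        echo "refusing to build as '$BUILD_USER' (check failed: $rc)" >&2
        return "$rc"
    }
    if [ "$(id -un)" = "$BUILD_USER" ]; then
        (cd "$dir" && makepkg "$@")
    else
        # -H: use the build user's HOME, so the build does not see ours.
        sudo -H -u "$BUILD_USER" -- \
            sh -c 'cd "$1" && shift && makepkg "$@"' sh "$dir" "$@"
    fi
}

# Only build when explicitly asked, so the file can also be sourced.
if [ "${1:-}" = "--build" ]; then
    shift
    run_makepkg "$@"
fi
```

The build directory must be writable by the build user, and the resulting package is still installed by root with pacman afterwards.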