On 17/05/14 03:12 PM, Bardur Arantsson wrote:
On 2014-05-17 14:40, Roland Tapken wrote:
Hi,
I've been using Arch for about half a year on a few systems, but every time I install something from the AUR I ask myself one question:
Why is it considered dangerous to run makepkg as root?
My first guess was that the PKGBUILD usually comes from an untrusted source and may contain code to attack my system (copy personal data, install a rootkit or something like that). But on the other hand, this file tells makepkg how to build the package that will be installed as root, so if the author of the PKGBUILD has bad intentions, he will just put that code into the created package.
Maybe I've missed something reading through this thread, but *assuming* (yeah, I know) that packages can't run arbitrary scripts at install time (which I think is a valid assumption for pacman), there is a slight theoretical advantage to the current behavior in that if you never run $NEW_PACKAGE *as root* then your system cannot be compromised quite as extensively as if you had run PKGBUILD as root (which would allow completely arbitrary commands as root, either through a malicious PKGBUILD or other attack channels such as an exploitable gcc, etc.).
Packages can and do run arbitrary code via the install script. This is used to do everything from adding new users / groups to regenerating caches / databases.
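For readers who want to see what this means in practice, here is an added example (not from anyone in this thread) that pulls the install-time hooks out of a package source directory so they can be read before pacman runs them as root. It assumes the standard PKGBUILD `install=` variable and pacman's usual hook function names; the sample PKGBUILD and .install file are constructed for the demo.

```shell
#!/bin/sh
# Added example: list the hooks a package's .install script would run as root.
# Assumes the standard "install=" PKGBUILD variable and pacman's hook names.

# Hook functions pacman runs as root from a package's .install file.
PACMAN_HOOKS="pre_install post_install pre_upgrade post_upgrade pre_remove post_remove"

# Print the install script declared in a PKGBUILD (empty if none).
pkgbuild_install_script() {
    sed -n 's/^install=//p' "$1" | tr -d "\"'" | head -n 1
}

# List the pacman hook functions defined in an .install file, one per line.
install_script_hooks() {
    for hook in $PACMAN_HOOKS; do
        grep -q "^${hook}()" "$1" && echo "$hook"
    done
    return 0
}

# Print the commands inside one hook (lines between "name() {" and the closing "}").
hook_body() {
    sed -n "/^$2()/,/^}/p" "$1" | sed '1d;$d'
}

# Constructed sample package source, written to a temp dir for the demo.
make_sample_pkg() {
    dir=$(mktemp -d)
    cat > "$dir/PKGBUILD" <<'EOF'
pkgname=example
pkgver=1.0
pkgrel=1
arch=('any')
install=example.install
EOF
    cat > "$dir/example.install" <<'EOF'
post_install() {
    groupadd -r example
    update-desktop-database -q
}
post_upgrade() {
    post_install
}
EOF
    echo "$dir"
}

# Report every hook and its commands for a package source directory.
review_pkg() {
    script=$(pkgbuild_install_script "$1/PKGBUILD")
    [ -n "$script" ] || { echo "no install script declared"; return 0; }
    echo "install script: $script"
    for hook in $(install_script_hooks "$1/$script"); do
        echo "== $hook (runs as root at install time) =="
        hook_body "$1/$script" "$hook"
    done
}
```

Run `review_pkg` on an AUR checkout directory to get the same report for a real package.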