[arch-general] makepkg running as root
Sometimes I build packages from AUR, and (obviously wrongly), do this as root.
Today I got this message:
==> ERROR: Running makepkg as root is a BAD idea and can cause permanent, catastrophic damage to your system. If you wish to run as root, please use the --asroot option.
Can someone explain.
Richard
On Jan 21, 2008 9:33 PM, richard terry <rterry@gnumed.net> wrote:
Sometimes I build packages from AUR, and (obviously wrongly), do this as root.
Today I got this message:
==> ERROR: Running makepkg as root is a BAD idea and can cause permanent, catastrophic damage to your system. If you wish to run as root, please use the --asroot option.
Can someone explain.
What's to explain that that message didn't already explain?
On Jan 21, 2008 9:42 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
On Jan 21, 2008 9:33 PM, richard terry <rterry@gnumed.net> wrote:
Sometimes I build packages from AUR, and (obviously wrongly), do this as root.
Today I got this message:
==> ERROR: Running makepkg as root is a BAD idea and can cause permanent, catastrophic damage to your system. If you wish to run as root, please use the --asroot option.
Can someone explain.
What's to explain that that message didn't already explain?
makepkg by default uses sudo/fakeroot to get things done, as building a package never requires that you actually modify files on your real system, but we do want the permissions to be set correctly inside the built package. This removes the need to run makepkg as root and reduces the security risk of a malicious PKGBUILD destroying your system.
Just think of what this would do as root in a PKGBUILD:
build() {
  echo "You've been pwned!!!"
  rm -rf /
}
-Dan
"Dan McGee" <dpmcgee@gmail.com>:
Just think of what this would do as root in a PKGBUILD:
build() {
  echo "You've been pwned!!!"
  rm -rf /
}
This is the reason why I always take a look into a PKGBUILD before makepkging it (as user of course!).
--
Regards, Johannes
Daily http://blog.hehejo.de and you feel good.
http://cryptocd.eduforge.org/online_version
-----Original message-----
From: arch-general-bounces@archlinux.org [mailto:arch-general-bounces@archlinux.org] On behalf of Dan McGee
Sent: Tuesday 22 January 2008 4:52
To: General Discusson about Arch Linux
Subject: Re: [arch-general] makepkg running as root
Just think of what this would do as root in a PKGBUILD:
build() {
  echo "You've been pwned!!!"
  rm -rf /
}
Be sure to check .install files too. They can also contain rm -rf / in post_install, those are executed by root when you install the package ;)
Jan de Groot wrote:
Just think of what this would do as root in a PKGBUILD:
build() {
  echo "You've been pwned!!!"
  rm -rf /
}
Be sure to check .install files too. They can also contain rm -rf / in post_install, those are executed by root when you install the package ;)
You guys DO know that 'rm -rf /' is a harmless command that simply exits with an error message? You should use 'rm -rf /*' to kill someone's system.
However, the problem with makepkg as root can be more subtle: If a broken PKGBUILD or Makefile installs files into / instead of ${startdir}/pkg, files will be missing in your package. However, you will not notice it, as the files are present in your system, and there won't be any error messages during the build process.
I met a user on IRC once who claimed his PKGBUILD and the resulting package were fine, but the package was indeed empty, instead makepkg installed all files directly into his system - these files were now unknown to pacman.
Worst case (apart from a malicious PKGBUILD) is that you overwrite critical system configuration files or libraries and render your system unusable.
You guys DO know that 'rm -rf /' is a harmless command that simply exits with an error message? You should use 'rm -rf /*' to kill someone's system.
You say that hoping that some of us will try 'rm -rf /' ?
By the way, I fear 'rm -rf ~' as standard user as much as I fear 'rm -rf /' as root (call me believer, I'm pretty sure it works on some systems).
Regards, Colin Pitrat
Jan de Groot wrote:
Just think of what this would do as root in a PKGBUILD:
build() {
  echo "You've been pwned!!!"
  rm -rf /
}
Be sure to check .install files too. They can also contain rm -rf / in post_install, those are executed by root when you install the package ;)
However, the problem with makepkg as root can be more subtle: If a broken PKGBUILD or Makefile installs files into / instead of ${startdir}/pkg, files will be missing in your package. However, you will not notice it, as the files are present in your system, and there won't be any error messages during the build process.
I met a user on IRC once who claimed his PKGBUILD and the resulting package were fine, but the package was indeed empty, instead makepkg installed all files directly into his system - these files were now unknown to pacman.
Worst case (apart from a malicious PKGBUILD) is that you overwrite critical system configuration files or libraries and render your system unusable.
[attachment "signature.asc" deleted by Colin Pitrat/NCE/AMADEUS]
Hi,
'rm -rf /' works on Debian and Debian-like systems. I tried it in a virtual machine. I used Debian for 4 years before I moved to Arch two weeks ago. I find the fakeroot a good security wall. I always use it.
Tom Kanocz, Slovakia
Colin Pitrat wrote:
You guys DO know that 'rm -rf /' is a harmless command that simply exits with an error message? You should use 'rm -rf /*' to kill someone's system.
You say that hoping that some of us will try 'rm -rf /' ?
By the way, I fear 'rm -rf ~' as standard user as much as I fear 'rm -rf /' as root (call me believer, I'm pretty sure it works on some systems).
Regards, Colin Pitrat
Jan de Groot wrote:
Just think of what this would do as root in a PKGBUILD:
build() {
  echo "You've been pwned!!!"
  rm -rf /
}
Be sure to check .install files too. They can also contain rm -rf / in post_install, those are executed by root when you install the package ;)
However, the problem with makepkg as root can be more subtle: If a broken PKGBUILD or Makefile installs files into / instead of ${startdir}/pkg, files will be missing in your package. However, you will not notice it, as the files are present in your system, and there won't be any error messages during the build process.
I met a user on IRC once who claimed his PKGBUILD and the resulting package were fine, but the package was indeed empty, instead makepkg installed all files directly into his system - these files were now unknown to pacman.
Worst case (apart from a malicious PKGBUILD) is that you overwrite critical system configuration files or libraries and render your system unusable.
[attachment "signature.asc" deleted by Colin Pitrat/NCE/AMADEUS]
2008/1/22, Colin Pitrat <colin.pitrat@amadeus.com>:
You guys DO know that 'rm -rf /' is a harmless command that simply exits with an error message? You should use 'rm -rf /*' to kill someone's system.
You say that hoping that some of us will try 'rm -rf /' ?
By the way, I fear 'rm -rf ~' as standard user as much as I fear 'rm -rf /' as root (call me believer, I'm pretty sure it works on some systems).
AFAIR rm -rf works only on a system with pre-6.x coreutils (and without a backport).
--
Roman Kyrylych (Роман Кирилич)
Here is a proof that I was right to believe. On Ubuntu: http://www.youtube.com/watch?v=D4fzInlyYQo
Regards, Colin Pitrat
Thomas Bächler <thomas@archlinux.org>
Sent by: arch-general-bounces@archlinux.org
22/01/2008 11:06
Please respond to: General Discusson about Arch Linux <arch-general@archlinux.org>
To: General Discusson about Arch Linux <arch-general@archlinux.org>
cc:
Subject: Re: [arch-general] makepkg running as root
Jan de Groot wrote:
Just think of what this would do as root in a PKGBUILD:
build() {
  echo "You've been pwned!!!"
  rm -rf /
}
Be sure to check .install files too. They can also contain rm -rf / in post_install, those are executed by root when you install the package ;)
You guys DO know that 'rm -rf /' is a harmless command that simply exits with an error message? You should use 'rm -rf /*' to kill someone's system.
However, the problem with makepkg as root can be more subtle: If a broken PKGBUILD or Makefile installs files into / instead of ${startdir}/pkg, files will be missing in your package. However, you will not notice it, as the files are present in your system, and there won't be any error messages during the build process.
I met a user on IRC once who claimed his PKGBUILD and the resulting package were fine, but the package was indeed empty, instead makepkg installed all files directly into his system - these files were now unknown to pacman.
Worst case (apart from a malicious PKGBUILD) is that you overwrite critical system configuration files or libraries and render your system unusable.
[attachment "signature.asc" deleted by Colin Pitrat/NCE/AMADEUS]
Colin Pitrat wrote:
Here is a proof that I was right to believe. On Ubuntu: http://www.youtube.com/watch?v=D4fzInlyYQo
Regards, Colin Pitrat
It's a recent change in coreutils 6. 'Cannot remove root directory /'.
2008/1/22, Thomas Bächler <thomas@archlinux.org>:
Colin Pitrat wrote:
Here is a proof that I was right to believe. On Ubuntu: http://www.youtube.com/watch?v=D4fzInlyYQo
Regards, Colin Pitrat
It's a recent change in coreutils 6. 'Cannot remove root directory /'.
I'm surprised that no-one seems to have checked the manpage for rm: http://linux.die.net/man/1/rm
--no-preserve-root do not treat '/' specially (the default)
--preserve-root fail to operate recursively on '/'
Although i must admit that i didn't check arch's manpage yet.
Kind regards, Guus
On Tuesday 22 January 2008 12:56, Guus Snijders wrote:
I'm surprised that no-one seems to have checked the manpage for rm: http://linux.die.net/man/1/rm
--no-preserve-root do not treat '/' specially (the default)
--preserve-root fail to operate recursively on '/'
Although i must admit that i didn't check arch's manpage yet.
In the arch manpage, I can see: --preserve-root do not remove `/' (default)
Kind regards, Guus
-- slubman site: http://www.slubman.info/
-----Original message-----
From: arch-general-bounces@archlinux.org [mailto:arch-general-bounces@archlinux.org] On behalf of Thomas Bächler
Sent: Tuesday 22 January 2008 12:12
To: General Discusson about Arch Linux
Subject: Re: [arch-general] makepkg running as root
Colin Pitrat wrote:
Here is a proof that I was right to believe. On Ubuntu: http://www.youtube.com/watch?v=D4fzInlyYQo
Regards, Colin Pitrat
It's a recent change in coreutils 6. 'Cannot remove root directory /'.
It's a quite stupid protection to do in coreutils. On FreeBSD, the / directory has a flag so that you can't change or delete the / itself. They also do this on special system files that shouldn't be overwritten (that's why you can't tar up a FreeBSD system and unpack it on a random other box).
On Jan 22, 2008 6:09 AM, Jan de Groot <jan@jgc.homeip.net> wrote:
It's a quite stupid protection to do in coreutils. On FreeBSD, the / directory has a flag so that you can't change or delete the / itself. They also do this on special system files that shouldn't be overwritten (that's why you can't tar up a FreeBSD system and unpack it on a random other box).
Agreed. The FreeBSD way is much more sane, though I guess we could model it with immutable files in a way
2008/1/22, Aaron Griffin <aaronmgriffin@gmail.com>:
On Jan 22, 2008 6:09 AM, Jan de Groot <jan@jgc.homeip.net> wrote:
It's a quite stupid protection to do in coreutils. On FreeBSD, the / directory has a flag so that you can't change or delete the / itself. They also do this on special system files that shouldn't be overwritten (that's why you can't tar up a FreeBSD system and unpack it on a random other box).
Agreed. The FreeBSD way is much more sane, though I guess we could model it with immutable files in a way
Hmm, that would perhaps work for Arch (where one can assume capable users), but personally i like coreutils' approach better. A disadvantage with immutable files is that *the rest* would be removed...
Kind regards, Guus
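The review steps recommended in the thread (reading the PKGBUILD and the .install file before building as a normal user, and noticing a package that came out empty), sketched as an added shell example that is not code from any poster or from makepkg itself. The function names and reason labels are hypothetical, the sample files are constructed, and the checks are plain pattern matches built around the ${startdir}/pkg staging directory mentioned above (plus the later $pkgdir variable).

```sh
#!/bin/sh
# Added example, not code from the thread. Heuristic review aid only:
# it lists lines to read by hand; no findings does not mean "safe".

# audit_stream: read a PKGBUILD or .install file on stdin and print
# "LINE:REASON:TEXT" for each line worth a closer look.
audit_stream() {
    n=0
    # plain `read` trims leading and trailing whitespace for us
    while read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in '#'*) continue ;; esac
        case $line in   # scriptlets that pacman runs as root
            pre_install*|post_install*|pre_upgrade*|post_upgrade*|pre_remove*|post_remove*)
                echo "$n:root-scriptlet:$line" ;;
        esac
        case $line in   # recursive delete of an absolute or home path
            *'rm -rf /'*|*'rm -rf ~'*|*'rm -rf $HOME'*)
                echo "$n:recursive-delete:$line" ;;
        esac
        case $line in   # installs that bypass the staging directory
            *startdir*|*pkgdir*) ;;
            make*install*) echo "$n:unstaged-make-install:$line" ;;
            install\ *\ /*|cp\ *\ /*|mv\ *\ /*|mkdir\ *\ /*|ln\ *\ /*)
                echo "$n:absolute-path:$line" ;;
        esac
    done
}

# staged_file_count DIR: files and symlinks under the staging directory.
# 0 after a build that "succeeded" means the files landed elsewhere.
staged_file_count() {
    find "$1" \( -type f -o -type l \) | wc -l | tr -d ' '
}

# Constructed samples; they are only printed and scanned, never executed.
sample_pkgbuild() {
    cat <<'EOF'
build() {
  cd $startdir/src/demo-1.0
  make install
  cp demo.conf /etc/demo.conf
  # make DESTDIR=$startdir/pkg install
}
EOF
}
sample_install() { printf 'post_install() {\n  rm -rf /\n}\n'; }
sample_pkgbuild | audit_stream
sample_install | audit_stream
```

Feed it a real file with `audit_stream < PKGBUILD` before building, and point `staged_file_count` at the pkg directory after the build to catch the empty-package case described above.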
participants (11)
- Aaron Griffin
- Colin Pitrat
- Dan McGee
- Guus Snijders
- Jan de Groot
- Johannes Held
- richard terry
- Roman Kyrylych
- Sentinel
- slubman
- Thomas Bächler