[arch-general] Why is it dangerous to run makepkg as root?
Roland Tapken
ml at lalamuhkuh.de
Sat May 17 15:50:32 EDT 2014
Hi Bardur,
> Maybe I've missed something reading through this thread, but *assuming*
> (yeah, I know) that packages can't run arbitrary scripts at install time
> (which I think is a valid assumption for pacman),
Is this so? I don't know since I've only scratched the surface of arch until
now. But I'm not quite sure about this, since, for example, there must be a
way to add new users like http after installing apache. How should this be
done without a post-install-script?
> Of course an attacker can still (via the build executables) delete all
> the files you actually care about ($HOME) or install trojans into your
> $HOME/bin (etc.), but still... If you discover such a comprosmise you'd
> "only" have to delete your $HOME and restore from backup[0], whereas a
> root compromise would require a full reinstall of everything.
Even if your assumption about pacman is correct: Just let the malicious
PKGBUILD write a file into /etc/cron.d/, /etc/systemd or something like that
and you're doomed. No need for privilege escalation.
Regards,
Roland
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20140517/d26d1e8a/attachment-0001.asc>
More information about the arch-general
mailing list