[arch-general] Why is it dangerous to run makepkg as root?

Bardur Arantsson spam at scientician.net
Sat May 17 16:08:13 EDT 2014

On 2014-05-17 21:50, Roland Tapken wrote:
> Hi Bardur,
>> Maybe I've missed something reading through this thread, but *assuming*
>> (yeah, I know) that packages can't run arbitrary scripts at install time
>> (which I think is a valid assumption for pacman),
> Is this so? I don't know since I've only scratched the surface of arch until 
> now. But I'm not quite sure about this, since, for example, there must be a 
> way to add new users like http after installing apache. How should this be 
> done without a post-install-script?

I always thought that "this package needs users X,Y and Z" was handled
via some metadata in the package description, not via scripts per se.
Maybe I'm wrong on that too.

>> Of course an attacker can still (via the build executables) delete all
>> the files you actually care about ($HOME) or install trojans into your
>> $HOME/bin (etc.), but still... If you discover such a comprosmise you'd
>> "only" have to delete your $HOME and restore from backup[0], whereas a
>> root compromise would require a full reinstall of everything.
> Even if your assumption about pacman is correct: Just let the malicious 
> PKGBUILD write a file into /etc/cron.d/, /etc/systemd or something like that 
> and you're doomed. No need for privilege escalation.

Ah, yes. True, of course. I knew I'd missed something! :)


More information about the arch-general mailing list