[arch-general] Why is it dangerous to run makepkg as root?
Bardur Arantsson
spam at scientician.net
Sat May 17 17:42:11 EDT 2014
On 2014-05-17 22:55, ushi wrote:
> Am 17.05.2014 22:08, schrieb Bardur Arantsson:
>> On 2014-05-17 21:50, Roland Tapken wrote:
>>> Hi Bardur,
>>>
>>>> Maybe I've missed something reading through this thread, but *assuming*
>>>> (yeah, I know) that packages can't run arbitrary scripts at install time
>>>> (which I think is a valid assumption for pacman),
>>>
>>> Is this so? I don't know since I've only scratched the surface of arch until
>>> now. But I'm not quite sure about this, since, for example, there must be a
>>> way to add new users like http after installing apache. How should this be
>>> done without a post-install-script?
>>
>> I always thought that "this package needs users X,Y and Z" was handled
>> via some metadata in the package description, not via scripts per se.
>> Maybe I'm wrong on that too.
>
> Such things are handled via install scripts[0], called by pacman when
> (un)installing/upgrading packages... and yes, packagers can put
> arbitrary code in there. (postfix exmaple[1])
>
I see. Good to know.
The premise for my whole hypothetical was thus dismissed and I hang my
head in shame ;).
Regards,
More information about the arch-general
mailing list