[pacman-dev] makepkg security

Thomas Bächler thomas at archlinux.org
Fri Jul 10 11:25:18 EDT 2009


This continues a thread on arch-general:

Thomas Bächler wrote:
>>> I agree. The question is not about makepkg security, but about sudo
>>> security. And frankly, sudo is a security disaster in its default
>>> configuration.
>>
>> Any suggestions for changing / shipping a better default config file?
>> I know little about the security implications of this, but I think we
>> should ship a decent default if possible.
> 
> Our policy is usually to ship whatever upstream ships. IMO, a good 
> default would be to set sudo to require the root password (not the user 
> password) and not cache any passwords at all.
> 
> Also, I think instead of using sudo in makepkg, we should use su by 
> default (with an option to enable sudo). su always has a good default 
> configuration requiring the root password (it's also possible to set it 
> to allow password-less su in the pam configuration, but everyone who 
> does that is crazy anyway).

The original complaint was that when using makepkg -sic, the sudo 
password is cached after dependency installation and malicious sudo 
commands might be executed during build() as the password is cached.

My opinion on this is that we should not encourage people to use sudo. 
Aaron suggested moving it here for further discussion. What do you think?
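
An added example, not part of the original mail or of makepkg: a shell check of whether a sudoers file's global Defaults match the two settings suggested in the quoted text (`rootpw`, and `timestamp_timeout=0` so that nothing is cached). The sample sudoers contents are constructed, and scoped `Defaults:user`-style entries are assumed to be out of scope.

```shell
#!/bin/sh
# Added example. Reads sudoers text on stdin and reports the two settings
# proposed in the mail:
#   rootpw              -> sudo asks for the root password, not the user password
#   timestamp_timeout=0 -> credentials are never cached between commands
# Assumption: only global "Defaults" lines are evaluated; scoped entries
# (Defaults:user, Defaults@host, ...) and included files are not.
audit_sudoers() {
    awk '
    BEGIN { rootpw = 0; timeout = "" }
    /^[ \t]*Defaults[ \t]/ {
        line = $0
        sub(/#.*/, "", line)                      # drop trailing comment
        sub(/^[ \t]*Defaults[ \t]+/, "", line)
        n = split(line, opts, ",")                # options are comma-separated
        for (i = 1; i <= n; i++) {
            o = opts[i]
            gsub(/[ \t]/, "", o)
            if (o == "rootpw")  rootpw = 1        # later lines override earlier
            if (o == "!rootpw") rootpw = 0
            if (o ~ /^timestamp_timeout=/) { sub(/^[^=]*=/, "", o); timeout = o }
        }
    }
    END {
        # Only an explicit zero timeout turns caching off.
        cached = (timeout ~ /^0+(\.0+)?$/) ? "disabled" : "enabled"
        printf "rootpw=%s cache=%s\n", (rootpw ? "yes" : "no"), cached
    }'
}

# Constructed sample: no password-related Defaults at all.
SAMPLE_PLAIN='Defaults env_reset
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL'

# Constructed sample: the configuration suggested in the mail.
SAMPLE_STRICT='Defaults env_reset
Defaults rootpw, timestamp_timeout=0   # root password, no caching
%wheel ALL=(ALL) ALL'

printf '%s\n' "$SAMPLE_PLAIN"  | audit_sudoers
printf '%s\n' "$SAMPLE_STRICT" | audit_sudoers
```

On a live system the same function can be fed the real file as root: `audit_sudoers < /etc/sudoers`.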
