[pacman-dev] system to obviate need for DESTDIR hacks and improve PKGBUILD security

James Pike pacman-dev at chilon.net
Sat Aug 21 22:37:50 EDT 2010


I've just released a system call interceptor system on freshmeat that uses
LD_PRELOAD-style wrappers to intercept and modify system calls. No root
privileges or chroot needed.

I'm just finishing work now on a plugin for it that redirects system
call writes and other file-modifying events to a different directory.

For example, now when you do:

make DESTDIR="$pkgdir" install

you could do:

pito redirect -d"$pkgdir" make install

There are some pretty large hacks and patches necessary in some PKGBUILDs to
get packages to respect DESTDIR, which would no longer be necessary if
they utilised pito.

pito redirect also fakes the root user and captures operations like
"chmod" and "chown", so:

pito redirect -upacman -d"$pkgdir" make install

When run as root, this will run the "make install" as the user pacman, and
then after the operation is finished will use its root privileges to
chown files securely within $pkgdir as necessary. I believe Arch
currently runs install operations as root, so the above method
would increase security as it would remove the ability for packages to
write to the file system in any way other than to $pkgdir (any writes
that could theoretically escape the sandbox would only be as a user
with low privileges anyway).

There are also flags to allow writes to certain directories and to remove
some of the default allowed writes, such as to /dev etc.

I hope this project will be of use! The website for pito is

+44 (0) 7974 159 643 | james at chilon.net | http://chilon.net
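An added example, not pito's own code and not part of the post above: a minimal C sketch of the policy pieces an LD_PRELOAD write redirector of this kind needs. It maps absolute write paths under a destdir (collapsing ".." first, so a path like /usr/../etc/passwd cannot escape the prefix), lets an allow-list such as /dev pass through, records chown requests instead of applying them, and replays them afterwards only for files that still resolve inside the destdir (realpath on both sides, so a symlink planted inside $pkgdir cannot retarget the chown). The open() wrapper under PITO_SHIM shows how the policy hooks into the interposed call. The function names, the PITO_DESTDIR variable, the allow-list and the build command are assumptions made for this example; relative paths are passed through untouched, which a full shim would resolve against getcwd() first.

```c
/* Added example, not pito's own code: the policy a pito-style LD_PRELOAD
 * redirector needs (write redirection with ".." and symlink checks, deferred
 * chown) plus one interposed open(). Names and PITO_DESTDIR are assumptions. */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <fcntl.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

static const char *const pito_allow[] = { "/dev", "/proc", "/tmp" }; /* assumed defaults */

/* True if path is prefix itself or below it; "/build/pkgx" is not under "/build/pkg". */
int pito_under(const char *prefix, const char *path) {
    size_t n = strlen(prefix);
    return strncmp(path, prefix, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* Collapse "." and ".." lexically, so "/usr/../etc/passwd" becomes
 * $destdir/etc/passwd instead of escaping once the prefix is added. */
static int pito_normalize(const char *path, char *out, size_t outsz) {
    size_t len = 0, n;
    const char *seg;
    if (path[0] != '/' || outsz < 2) return -1;
    while (*path) {
        while (*path == '/') path++;
        for (seg = path; *path && *path != '/'; path++) { }
        n = (size_t)(path - seg);
        if (n == 0 || (n == 1 && seg[0] == '.')) continue;
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            while (len > 0 && out[--len] != '/') { }   /* drop last component */
            continue;
        }
        if (len + 1 + n >= outsz) return -1;
        out[len++] = '/';
        memcpy(out + len, seg, n);
        len += n;
    }
    if (len == 0) out[len++] = '/';
    out[len] = '\0';
    return 0;
}

/* Where a write aimed at an absolute path may actually go. destdir is absolute
 * with no trailing slash. Returns 0 and fills out, or -1. */
int pito_redirect_path(const char *path, const char *destdir, char *out, size_t outsz) {
    char norm[PATH_MAX]; size_t i;
    if (pito_normalize(path, norm, sizeof norm) != 0) return -1;
    for (i = 0; i < sizeof pito_allow / sizeof *pito_allow; i++)
        if (pito_under(pito_allow[i], norm)) destdir = "";   /* allowed: untouched */
    if (pito_under(destdir, norm)) destdir = "";             /* already in $pkgdir */
    return snprintf(out, outsz, "%s%s", destdir, norm) < (int)outsz ? 0 : -1;
}

/* Same over a static buffer, for quick checks; NULL on failure. */
const char *pito_redirect(const char *path, const char *destdir) {
    static char buf[PATH_MAX];
    return pito_redirect_path(path, destdir, buf, sizeof buf) == 0 ? buf : NULL;
}

/* chown requests are recorded, not applied: the unprivileged build could not
 * chown anyway, and the root parent replays the table after "make install". */
static struct { char path[PATH_MAX]; uid_t uid; gid_t gid; } pito_log[4096];
static size_t pito_nlog;

int pito_record_chown(const char *redirected, uid_t uid, gid_t gid) {
    if (pito_nlog == sizeof pito_log / sizeof *pito_log) return -1;
    snprintf(pito_log[pito_nlog].path, PATH_MAX, "%s", redirected);
    pito_log[pito_nlog].uid = uid; pito_log[pito_nlog].gid = gid;
    pito_nlog++; return 0;
}

/* Replay as root. Both sides go through realpath(), so a symlink the build
 * planted inside $pkgdir cannot aim the chown at a file outside it. */
size_t pito_replay_chowns(const char *destdir) {
    char droot[PATH_MAX], real[PATH_MAX];
    size_t i, done = 0;
    if (!realpath(destdir, droot)) return 0;
    for (i = 0; i < pito_nlog; i++)
        if (realpath(pito_log[i].path, real) && pito_under(droot, real) &&
            lchown(real, pito_log[i].uid, pito_log[i].gid) == 0) done++;
    return done;
}
#ifdef PITO_SHIM /* gcc -shared -fPIC -DPITO_SHIM -o pito_shim.so pito_shim.c -ldl */
int open(const char *path, int flags, ...) {
    static int (*real_open)(const char *, int, ...);
    const char *d = getenv("PITO_DESTDIR"); char out[PATH_MAX];
    mode_t mode = 0; va_list ap;
    if (!real_open) real_open = (int (*)(const char *, int, ...))dlsym(RTLD_NEXT, "open");
    if (flags & O_CREAT) { va_start(ap, flags); mode = va_arg(ap, int); va_end(ap); }
    if (d && (flags & (O_WRONLY | O_RDWR | O_CREAT)) && pito_redirect_path(path, d, out, sizeof out) == 0)
        path = out;   /* writes only; relative paths (the build tree) pass through */
    return real_open(path, flags, mode);
}
#endif
```

Build the shim with the command on the #ifdef line and run something like `PITO_DESTDIR="$pkgdir" LD_PRELOAD=./pito_shim.so make install` as an unprivileged user; a chown() wrapper in the same shim would hand its redirected arguments to pito_record_chown, and the root parent would call pito_replay_chowns("$pkgdir") once the build exits. Two limits of any LD_PRELOAD interposer are worth keeping in mind when judging what the post calls the sandbox: the loader ignores LD_PRELOAD for set-user-ID binaries and never consults it for statically linked ones, and a program that issues raw syscalls bypasses the wrappers entirely. That is exactly why running the build as a low-privileged user, as the post proposes, matters even with the redirector in place.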
