[pacman-dev] system to obviate need for DESTDIR hacks and improve PKGBUILD security
Allan McRae
allan at archlinux.org
Sun Aug 22 02:32:54 EDT 2010
On 22/08/10 12:37, James Pike wrote:
> I believe Arch
> currently runs install operations as root so the above method
> would increase security as it would remove the ability for packages to
> write to the file system in any way other than to $pkgdir (any writes
> that could theoretically escape the sandbox would only be as a user
> with low privileges anyway).
Just to be clear, makepkg does not package as root unless the user
explicitly asks for that to be done (and a big warning is printed if
they do ask). Instead we use "fakeroot", which, as its name suggests,
provides a fake root environment.
Allan