[pacman-dev] Security vuln. in makepkg?

Mohammad_AlSaleh ce.mohammad.alsaleh at gmail.com
Sun Sep 6 10:02:29 UTC 2015


On Fri, Sep 04, 2015 at 07:33:27PM -0400, Daniel Micay wrote:
> Either way, the package can do whatever it wants as root when it's
> installed. Building in a container is to provide protection from stupid
> mistakes, not an attacker.
> 

It think it would be useful if pacman warned against packages
containing setuid/setgid binaries.


More information about the pacman-dev mailing list