[pacman-dev] Security vuln. in makepkg?

Daniel Micay danielmicay at gmail.com
Sun Sep 6 15:57:11 UTC 2015

On 06/09/15 06:02 AM, Mohammad_AlSaleh wrote:
> On Fri, Sep 04, 2015 at 07:33:27PM -0400, Daniel Micay wrote:
>> Either way, the package can do whatever it wants as root when it's
>> installed. Building in a container is to provide protection from stupid
>> mistakes, not an attacker.
> It think it would be useful if pacman warned against packages
> containing setuid/setgid binaries.

That's not what I'm talking about. A package gets to do whatever it
wants as root when it's installed without having any setuid binaries.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/pacman-dev/attachments/20150906/21e0f47d/attachment.asc>

More information about the pacman-dev mailing list