On Wed, Apr 14, 2010 at 10:53:45AM -0600, Gary Wright wrote:
> On Wed, 2010-04-14 at 08:16 -0500, Burlynn Corlew Jr (velcroshooz)
> wrote:
> > On Wed, Apr 14, 2010 at 8:12 AM, Carlos Mennens <carloswill@xxxxxxxxx> wrote:
> >
> > > I am getting ready to use my newly built Arch Linux system for the 1st
> > > time and use AUR and read the Wiki but I have a question that I am not
> > > clear on:
> > >
> > > Next choose an appropriate build directory. A build directory is
> > > simply a directory where the package will be made or "built" and can
> > > be any directory. Examples of commonly used directories are:
> > >
> > > ~/builds
> > >
> > > Now when I create the "~/builds" directory, does it matter if I do
> > > this in a regular user's home directory or in 'roots'? It is not very
> > > clear and I don't want to break anything or improperly build a package
> > > from AUR.
> >
> > I don't know if you're using an AUR helper or using makepkg alone, but I would
> > use ~/builds in a user's directory. Running makepkg as root is bad
> > practice.
>
> I don't see that anybody has touched on this, but the reason that
> running makepkg as a regular user is best is because AUR pkgbuilds are
> not checked for malicious code before being made available for download.
> There is a great community of TUs and AUR users that will usually spot
> bad pkgbuilds before anyone is affected, but it is ultimately the
> end-user's obligation to check the pkgbuild/install scripts for bad
> code. Having the build() func execute rm -rf / doesn't do quite as much
> when you're a normal user. Root, however, can destroy a system that
> way.

I disagree: this is not an adequate justification.

Why not? Because suppose the package gets built ok. What are you going to do then? Install it with root privileges---which will lead to the install script's being run with root privileges, or alternatively to any binary the packager wants being installed setuid and owned by root.

Your only protection against this is to trust the source (and the url from which it's downloaded) and trust/review the PKGBUILD and install scripts. You might as well do that before running makepkg as after running makepkg but before running "sudo pacman -U newpackage.pkg.tar.gz". That's your only protection against anything malicious.

The advantage of not building as root is in case something is broken in the PKGBUILD or Makefile; this puts up some additional protective barriers. A malicious maintainer would only need a bit of obfuscation and cleverness to bury his payload in the parts of the process that are run as root.

Anyway, that's how I understand it.

I've broken a few PKGBUILDs and Makefiles myself. For instance, you want to be sure your "make install" targets respect DESTDIR. If you leave that out and run make install as a normal user, the step will fail and you'll just get an error about not having privileges (yet) to write to /usr/bin/whatever. If you run make install as root, though, the files will get written to /usr/bin/whatever, possibly overwriting what's there, and won't be tar'd up when $pkgdir is compressed. This is the kind of flimsy but helpful protection you get from running makepkg as a normal user.

-- 
Jim Pryor
profjim@xxxxxxxxxxxx
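The DESTDIR point in Jim's message, as an added example that is not part of the original thread: a pre-makepkg check that a Makefile's install recipe honours DESTDIR, and a demonstration that a DESTDIR-aware install lands files under the staging directory. The Makefiles, the `hello` script and the `$pkgdir` stand-in are all constructed under a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original thread. It checks the DESTDIR point
# in Jim's message: before running makepkg, a reviewer can test whether a
# Makefile's install recipe honours DESTDIR, and a DESTDIR-aware install
# lands files under makepkg's $pkgdir rather than the live /usr. All paths
# are created under mktemp; nothing here writes to the real /usr.
set -eu

# Write a constructed Makefile: "good" honours DESTDIR, "bad" does not.
# As a normal user the bad recipe just fails with a permission error; run
# as root it would write straight into /usr/bin and leave $pkgdir empty.
write_makefile() {  # $1 = path, $2 = good|bad
    if [ "$2" = good ]; then dest='$(DESTDIR)$(PREFIX)'; else dest='$(PREFIX)'; fi
    printf 'PREFIX ?= /usr\n\ninstall:\n\tinstall -Dm755 hello %s/bin/hello\n' "$dest" > "$1"
}

# Static check: does the install: recipe mention DESTDIR at all?
# Recipe lines are the tab-indented ones. Returns 0 if yes, 1 if no.
install_uses_destdir() {  # $1 = Makefile path
    awk '/^install:/     { r = 1; next }
         !/^\t/          { r = 0 }
         r && /DESTDIR/  { ok = 1 }
         END             { exit ok ? 0 : 1 }' "$1"
}

# Shell mirror of `make install DESTDIR="$pkgdir"` for the good recipe,
# so the example does not depend on make(1). Returns 0 if the binary
# was staged under $pkgdir.
stage_into_pkgdir() {  # $1 = srcdir, $2 = pkgdir (stands in for makepkg's $pkgdir)
    DESTDIR="$2"; PREFIX=/usr
    install -Dm755 "$1/hello" "$DESTDIR$PREFIX/bin/hello"
    test -x "$2/usr/bin/hello"
}

# Stand-alone run: throwaway source tree plus staging dir, both checks.
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
mkdir -p "$work/src" "$work/pkg"
printf '#!/bin/sh\necho hello\n' > "$work/src/hello"
write_makefile "$work/src/Makefile" good
write_makefile "$work/src/Makefile.bad" bad
install_uses_destdir "$work/src/Makefile"     && echo "Makefile: install recipe uses DESTDIR"
install_uses_destdir "$work/src/Makefile.bad" || echo "Makefile.bad: install recipe ignores DESTDIR"
stage_into_pkgdir "$work/src" "$work/pkg"     && echo "staged at $work/pkg/usr/bin/hello, /usr untouched"
```

Run it as a normal user; the staged file shows up under the temporary `pkg/usr/bin`, which is exactly what makepkg later tars up.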