On 17.05.2014 14:40, Roland Tapken wrote:
> Hi,
>
> I'm using Arch for about half a year on a few systems, but every
> time I install something from AUR I'm asking myself one question:
>
> Why is it considered dangerous to run makepkg as root?
>
> My first guess was that the PKGBUILD usually comes from an
> untrusted source and may contain code to attack my system (copy
> personal data or install a rootkit or something like that). But on
> the other hand, this file tells makepkg how to build the package
> that will be installed as root, so if the author of the PKGBUILD
> has bad purposes he will just put that code into the created
> package.
>
> The second idea is that this advice should prevent the script from
> *accidentally* damaging my system. But this could be prevented by
> using fakeroot (which is disabled when calling makepkg with
> --asroot according to the manpage) or chroot. And actually the
> proper advice in this case should be to execute makepkg using a
> user dedicated for this, as for most Arch users it would be worse
> if their personal files get deleted than if the system becomes
> unbootable.
>
> Regards,
>
> Roland
>

Hey Roland,

there is a general security principle called "Principle of least
privilege", which roughly says that one should give a
user/process/... only the minimum of privileges it needs to
accomplish its tasks.

makepkg does not need root privileges to build packages, so do not
give those to it.

makepkg does a lot of crazy things - downloading stuff, executing
scripts and complex programs (compilers, ...) - a single bug in one
of those can render your system unusable when executed as root.

I think your idea of a dedicated user is great and would implement
the principle mentioned above even better.

[0] https://en.wikipedia.org/wiki/Principle_of_least_privilege

Cheers,
ushi
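
The dedicated-user idea from the thread above, written as a shell wrapper that refuses to let makepkg itself run with uid 0. This is an added example, not part of the original message and not makepkg's own code; the account name `aurbuild`, the function names and the `DRY_RUN` switch are assumptions.

```shell
#!/bin/sh
# Added example (constructed): build as a dedicated unprivileged account,
# so a bug or hostile line in a PKGBUILD cannot act as root at build time.
BUILD_USER="${BUILD_USER:-aurbuild}"   # assumed name for the dedicated account

# run CMD...: execute the command, or only print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# ensure_build_user: create the account once (needs root).
# It gets no login shell; sudo -u runs commands without one.
ensure_build_user() {
    id "$BUILD_USER" >/dev/null 2>&1 && return 0
    run useradd --system --create-home --shell /usr/bin/nologin "$BUILD_USER"
}

# build_pkg DIR: run makepkg in DIR, never as root.
# Returns 2 when DIR holds no PKGBUILD.
build_pkg() {
    dir=$1
    [ -f "$dir/PKGBUILD" ] || { echo "no PKGBUILD in $dir" >&2; return 2; }
    if [ "$(id -u)" -eq 0 ]; then
        ensure_build_user || return 1
        # The build account must own the build tree and nothing else.
        run chown -R "$BUILD_USER" "$dir" || return 1
        # Drop privileges for the whole build instead of using --asroot.
        run sudo -H -u "$BUILD_USER" sh -c 'cd "$1" && makepkg' sh "$dir"
    else
        # Already unprivileged: build directly.
        (cd "$dir" && run makepkg)
    fi
}

# Usage: DRY_RUN=1 build_pkg ./some-package
# Only the later install step (pacman -U on the built package) needs root.
```

Building as `aurbuild` rather than as your own account also keeps your personal files out of reach of the build, which is the point raised in the quoted message.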