On 2014-05-17 14:40, Roland Tapken wrote:
> Hi,
>
> I'm using arch for about half a year on a few systems, but every time I
> install something from aur I'm asking myself one question:
>
> Why is it considered dangerous to run makepkg as root?
>
> My first guess was that the PKGBUILD usually comes from an untrusted source and
> may contain code to attack my system (copy personal data or install a rootkit
> or something like that). But on the other hand, this file tells makepkg how to
> build the package that will be installed as root, so if the author of the
> PKGBUILD has bad purposes he will just put that code into the created package.

Maybe I've missed something reading through this thread, but *assuming* (yeah, I
know) that packages can't run arbitrary scripts at install time (which I think is
a valid assumption for pacman), there is a slight theoretical advantage to the
current behavior in that if you never run $NEW_PACKAGE *as root* then your system
cannot be compromised quite as extensively as if you had run PKGBUILD as root
(which would allow completely arbitrary commands as root, either through a
malicious PKGBUILD or other attack channels such as an exploitable gcc, etc.).

Of course an attacker can still (via the build executables) delete all the files
you actually care about ($HOME) or install trojans into your $HOME/bin (etc.),
but still... If you discover such a compromise you'd "only" have to delete your
$HOME and restore from backup[0], whereas a root compromise would require a full
reinstall of everything.

Regards,
/b

[0] Actually, there have been quite a few "local user -> root" exploits of the
Linux kernel, so really you should wipe everything and reinstall from scratch
anyway. Remember, I'm only speaking theoretically in the above.
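The workflow the reply argues for (build without root, then decide what to hand to pacman) can be scripted. The helpers below are an added example written for this page, not code from the thread or from the pacman/makepkg projects. They assume an unprivileged account named "builder" exists for `build_unprivileged`, and that makepkg and pacman are on PATH when that function is used; the inspection helpers only need tar. The assumption in the reply that nothing in a package runs at install time is exactly the thing to check: a package may carry an `.INSTALL` scriptlet that pacman executes as root, and even without one, files dropped under paths such as `etc/cron.d/` or `etc/ld.so.preload` are run by root-owned services later. `make_sample_pkg` builds a constructed package tarball (no makepkg involved) so the checks can be tried offline; the file names inside it are made up for the demo.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed names: the "builder" account,
# the demo package contents, and the path list in pkg_root_hooks.

# Run makepkg in DIR as the unprivileged "builder" account (assumed name).
# The PKGBUILD, its sources and the toolchain never get root this way.
build_unprivileged() {
    dir=$1
    sudo -u builder -H sh -c 'cd "$1" && makepkg -f' sh "$dir"
}

# Print the install scriptlet embedded in package PKG, if there is one.
# pacman runs the functions in this file (pre_install, post_install, ...)
# as root, so it is the first thing to read before `pacman -U`.
# Exit status: 0 when a scriptlet is present, 1 when the package has none.
pkg_install_script() {
    pkg=$1
    if tar -tf "$pkg" .INSTALL >/dev/null 2>&1; then
        tar -xOf "$pkg" .INSTALL
        return 0
    fi
    return 1
}

# List package members under paths where a plain file is enough to get code
# run as root later (no scriptlet needed). The path list is an assumed,
# non-exhaustive starting point. Exit status follows grep: 0 if any matched.
pkg_root_hooks() {
    pkg=$1
    tar -tf "$pkg" | grep -E \
        '^(etc/ld\.so\.preload|etc/cron|etc/sudoers|etc/pam\.d/|etc/profile\.d/|usr/lib/systemd/system/)'
}

# Report everything in PKG that would run as root after installation.
# Returns 1 if anything was found, so a caller can stop and read before
# deciding to run `pacman -U PKG` as root.
review_pkg() {
    pkg=$1; found=0
    if pkg_install_script "$pkg"; then found=1; fi
    if pkg_root_hooks "$pkg"; then found=1; fi
    return $found
}

# Constructed sample (not a real AUR package): writes a minimal package
# tarball to OUT, with a scriptlet and a cron.d file when WITH_SCRIPT is "yes".
# Real packages use the same tar layout, normally zstd-compressed, which
# tar -tf/-xOf handle transparently when zstd is installed.
make_sample_pkg() {
    out=$1; with_script=$2
    work=$(mktemp -d)
    mkdir -p "$work/usr/bin" "$work/etc/cron.d"
    printf 'pkgname = demo\npkgver = 1-1\n' > "$work/.PKGINFO"
    printf '#!/bin/sh\necho demo\n' > "$work/usr/bin/demo"
    members=".PKGINFO usr/bin/demo"
    if [ "$with_script" = yes ]; then
        printf 'post_install() {\n  echo "this runs as root"\n}\n' > "$work/.INSTALL"
        printf '* * * * * root /usr/bin/demo\n' > "$work/etc/cron.d/demo"
        members="$members .INSTALL etc/cron.d/demo"
    fi
    (cd "$work" && tar -cf "$out" $members)
    rm -rf "$work"
}
```

Usage follows the reply's split of privileges: `build_unprivileged ~/aur/foo` as the builder, then `review_pkg ~/aur/foo/foo-1-1-x86_64.pkg.tar.zst`; only if that prints nothing (exit 0), or after reading what it printed, run `pacman -U` on the file as root.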