Hi Bardur, > Maybe I've missed something reading through this thread, but *assuming* > (yeah, I know) that packages can't run arbitrary scripts at install time > (which I think is a valid assumption for pacman), Is this so? I don't know since I've only scratched the surface of arch until now. But I'm not quite sure about this, since, for example, there must be a way to add new users like http after installing apache. How should this be done without a post-install-script? > Of course an attacker can still (via the build executables) delete all > the files you actually care about ($HOME) or install trojans into your > $HOME/bin (etc.), but still... If you discover such a comprosmise you'd > "only" have to delete your $HOME and restore from backup[0], whereas a > root compromise would require a full reinstall of everything. Even if your assumption about pacman is correct: Just let the malicious PKGBUILD write a file into /etc/cron.d/, /etc/systemd or something like that and you're doomed. No need for privilege escalation. Regards, Roland
Attachment:
signature.asc
Description: This is a digitally signed message part.
