On 2014-05-17 15:49, Bardur Arantsson wrote:
On 2014-05-17 22:08, Bardur Arantsson wrote:
On 2014-05-17 21:50, Roland Tapken wrote:
Hi Bardur,
Even if your assumption about pacman is correct: Just let the
malicious
PKGBUILD write a file into /etc/cron.d/, /etc/systemd or something
like that
在 2014-5-18,4:49,Bardur Arantsson 写道:
> Hm. Rethinking this I was going to say something about listing (and
> screening) all the files that a package *would* install, but it seems
> that it's not possible to list files installed by a package before
> installing it...?
>
> (pacman -Ql only accept
On 17/05/14 03:12 PM, Bardur Arantsson wrote:
> On 2014-05-17 14:40, Roland Tapken wrote:
>> Hi,
>>
>> I'm using arch for about half a year on a few systems, but every time I
>> install something from aur I'm asking myself one question:
>>
>> Why is it considered dangerous to run makepkg as root?
On Sat, May 17, 2014 at 5:40 AM, Roland Tapken wrote:
> My first guess was that the PKGBUILD usually comes from an untrusted source
> and
> may contain code to attack my system (copy personal data or install a rootkit
> or something like that).
I think that the point isn't that you're not suppos
On 2014-05-17 22:55, ushi wrote:
> Am 17.05.2014 22:08, schrieb Bardur Arantsson:
>> On 2014-05-17 21:50, Roland Tapken wrote:
>>> Hi Bardur,
>>>
Maybe I've missed something reading through this thread, but *assuming*
(yeah, I know) that packages can't run arbitrary scripts at install tim
Following up on installing Archlinux
Preface to the Appendix of this thread, with thanks and deference to those
who have helped so far: I am definitely not up to speed on the nuts and
bolts of GNU/Linux, I am a user, needing to get this tool working. That
being said, I have Archlinux working now,
Am 17.05.2014 22:08, schrieb Bardur Arantsson:
> On 2014-05-17 21:50, Roland Tapken wrote:
>> Hi Bardur,
>>
>>> Maybe I've missed something reading through this thread, but *assuming*
>>> (yeah, I know) that packages can't run arbitrary scripts at install time
>>> (which I think is a valid assumpti
On 2014-05-17 22:08, Bardur Arantsson wrote:
> On 2014-05-17 21:50, Roland Tapken wrote:
>> Hi Bardur,
>>
>> Even if your assumption about pacman is correct: Just let the malicious
>> PKGBUILD write a file into /etc/cron.d/, /etc/systemd or something like that
>> and you're doomed. No need for pr
On 2014-05-17 21:50, Roland Tapken wrote:
> Hi Bardur,
>
>> Maybe I've missed something reading through this thread, but *assuming*
>> (yeah, I know) that packages can't run arbitrary scripts at install time
>> (which I think is a valid assumption for pacman),
>
> Is this so? I don't know since I
Hi Bardur,
> Maybe I've missed something reading through this thread, but *assuming*
> (yeah, I know) that packages can't run arbitrary scripts at install time
> (which I think is a valid assumption for pacman),
Is this so? I don't know since I've only scratched the surface of arch until
now. Bu
On 2014-05-17 14:40, Roland Tapken wrote:
> Hi,
>
> I'm using arch for about half a year on a few systems, but every time I
> install something from aur I'm asking myself one question:
>
> Why is it considered dangerous to run makepkg as root?
>
> My first guess was that the PKGBUILD usually co
On Sun, May 18, 2014 at 12:57 AM, Bigby James wrote:
> On 05/17, Dimitris Zervas wrote:
>> On May 17, 2014 5:22:32 PM EEST, Roland Tapken wrote:
>>
>> BTW: Another good idea that would be helpful is add comments on installed
>> packages on pacman. e.g. why did you install them. But that's anothe
'--asroot' option has recently been removed.
https://projects.archlinux.org/pacman.git/commit/?id=61ba5c961e4a3536c4bbf41edb348987a9993fdb
Need to check if arch-install-media runs as root, know of course you
could add user but it might make things a little difficult if you need
an aur application
On Sat, May 17, 2014 at 03:49:49PM +0300, Dimitris Zervas wrote:
>
>
> >The second idea is that this advice should prevent the script from
> >*accidentally* damage my system. But this could be prevented by using
> >fakeroot
> >(which is disabled when calling makepkg with --asroot according to
On 05/17, Dimitris Zervas wrote:
> On May 17, 2014 5:22:32 PM EEST, Roland Tapken wrote:
>
> BTW: Another good idea that would be helpful is add comments on installed
> packages on pacman. e.g. why did you install them. But that's another thread
>
No offense, but if you need to ask yourself why
Hi,
> I would really like to help patching, but my time is extremely limited
> (finals in 2 weeks).
>
> Good luck! :)
I'll think I'll have a try, also my time is very limited, too :-)
Regards,
Roland
signature.asc
Description: This is a digitally signed message part.
On May 17, 2014 5:22:32 PM EEST, Roland Tapken wrote:
>Hi,
>
>> A good idea is to automatically change to a much more restricted
>user, used
>> just for building (no shells, logins, etc.).
>
>What do you think about patching yaourt to that it, if executed as
>root, runs
>makepkg as a special use
Hi,
> A good idea is to automatically change to a much more restricted user, used
> just for building (no shells, logins, etc.).
What do you think about patching yaourt to that it, if executed as root, runs
makepkg as a special user? Or changing makepkg to drop it's own privileges if
executed
On 05/17/2014 08:40 AM, Bartłomiej Piotrowski wrote:
Hi guys,
New MariaDB is sitting in [testing] for a while now. It's temporarily
This does trigger this warning in postfix's postmap program:
postmap: /usr/lib/libmysqlclient.so.18: no version information available
(required by postmap)
On Sat, May 17, 2014 at 2:40 PM, Roland Tapken wrote:
> Hi,
>
> I'm using arch for about half a year on a few systems, but every time I
> install something from aur I'm asking myself one question:
>
> Why is it considered dangerous to run makepkg as root?
>
> My first guess was that the PKGBUILD u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 17.05.2014 14:40, schrieb Roland Tapken:
> Hi,
>
> I'm using arch for about half a year on a few systems, but every
> time I install something from aur I'm asking myself one question:
>
> Why is it considered dangerous to run makepkg as root?
>
>
>The second idea is that this advice should prevent the script from
>*accidentally* damage my system. But this could be prevented by using
>fakeroot
>(which is disabled when calling makepkg with --asroot according to the
>
>manpage) or chroot. And actually the proper advice in this case should
Hi,
I'm using arch for about half a year on a few systems, but every time I
install something from aur I'm asking myself one question:
Why is it considered dangerous to run makepkg as root?
My first guess was that the PKGBUILD usually comes from an untrusted source and
may contain code to atta
23 matches
Mail list logo
