Pacman

Historical bug tracker for the Pacman package manager.

The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues

This tracker remains open for interaction with historical bugs during the transition period. Any new bugs reports will be closed without further action.
Tasklist

FS#5747 - security: pacman a bit more verbose by default

Attached to Project: Pacman
Opened by pajaro (pajaro) - Friday, 03 November 2006, 11:41 GMT
Last edited by Roman Kyrylych (Romashka) - Wednesday, 10 January 2007, 01:13 GMT
Task Type Feature Request
Category
Status Closed
Assigned To Aaron Griffin (phrakture)
Architecture not specified
Severity Low
Priority Normal
Reported Version 0.7.2 Gimmick
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

When you run pacman it does many operations silently (ldconfig, run install script of the package).

Since AUR is out there, the chance of getting a malicious PKGBUILD is there.

It would help a lot having pacman when he is running ldconfig and other tasks to help detect strange behaviors.

If i see my hd led flashing crazily in ldconfig, that's normal. If I see the led flashing crazily in a package install script... suspicious.

Keep in mind that obfuscated code exists.
This task depends upon

Closed by  Aaron Griffin (phrakture)
Monday, 12 February 2007, 09:16 GMT
Reason for closing:  Implemented
Additional comments about closing:  pacman 3 (in CVS) does not run ldconfig as often, in addition, the --debug parameter will give you all the verbosity you need. Adding excess verbosity is not a security fix. If you want security, only use 'SAFE' AUR packages, that's WHY they are marked safe.

Loading...