Historical bug tracker for the Pacman package manager.
The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues
This tracker remains open for interaction with historical bugs during the transition period. Any new bug reports will be closed without further action.
FS#5747 - security: pacman a bit more verbose by default
Attached to Project:
Pacman
Opened by pajaro (pajaro) - Friday, 03 November 2006, 11:41 GMT
Last edited by Roman Kyrylych (Romashka) - Wednesday, 10 January 2007, 01:13 GMT
Details
When you run pacman it does many operations silently (ldconfig, run install script of the package).
Since AUR is out there, the chance of getting a malicious PKGBUILD is there. It would help a lot having pacman when it is running ldconfig and other tasks to help detect strange behaviors. If I see my hd led flashing crazily in ldconfig, that's normal. If I see the led flashing crazily in a package install script... suspicious. Keep in mind that obfuscated code exists.
Closed by Aaron Griffin (phrakture)
Monday, 12 February 2007, 09:16 GMT
Reason for closing: Implemented
Additional comments about closing: pacman 3 (in CVS) does not run ldconfig as often, in addition, the --debug parameter will give you all the verbosity you need. Adding excess verbosity is not a security fix. If you want security, only use 'SAFE' AUR packages, that's WHY they are marked safe.