FS#5747 - security: pacman a bit more verbose by default
Attached to Project: Pacman
Opened by pajaro (pajaro) - Friday, 03 November 2006, 11:41 GMT
Last edited by Roman Kyrylych (Romashka) - Wednesday, 10 January 2007, 01:13 GMT
Details
When you run pacman it does many operations silently
(ldconfig, run install script of the package).
Since AUR is out there, the chance of getting a malicious PKGBUILD is there. It would help a lot having pacman when it is running ldconfig and other tasks to help detect strange behaviors. If I see my HD LED flashing crazily in ldconfig, that's normal. If I see the LED flashing crazily in a package install script... suspicious. Keep in mind that obfuscated code exists.
Closed by Aaron Griffin (phrakture)
Monday, 12 February 2007, 09:16 GMT
Reason for closing: Implemented
Additional comments about closing: pacman 3 (in CVS) does not run ldconfig as often, in addition, the --debug parameter will give you all the verbosity you need. Adding excess verbosity is not a security fix. If you want security, only use 'SAFE' AUR packages, that's WHY they are marked safe.