Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#9756 - makepkg building as nobody

Attached to Project: Arch Linux
Opened by pajaro (pajaro) - Tuesday, 04 March 2008, 07:04 GMT
Last edited by Dan McGee (toofishes) - Tuesday, 04 March 2008, 22:50 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version 2007.08-2
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

In the chat I shared the idea of building packages from aur with a special user to isolate building packages from my default user, since a makepkg can look clean, but the attackar may have put code in other areas of the building process (like the makefiles). There they suggested using nobody as the default user for makepkg and opening a task here to request building as nobody as the standard behaviour of makepkg.

So, should makepkg build as nobody by default?
This task depends upon

Closed by  Dan McGee (toofishes)
Tuesday, 04 March 2008, 22:50 GMT
Reason for closing:  Won't implement
Additional comments about closing:  See comments for details. Building as an alternate user or in a chroot would provide better security and does not require makepkg to always run as root.
Comment by Jan de Groot (JGC) - Tuesday, 04 March 2008, 08:01 GMT
It's your own responsibility to build with a user of your choice. If you build as root, it's your problem. The prefered way of building packages is using an account and fakeroot.
Comment by Roman Kyrylych (Romashka) - Tuesday, 04 March 2008, 09:06 GMT
Jan, I think he meant something like rm -rf ~ in Makefile.
However, I don't think makepkg should build as nobody - this removes the possibility to define local user settings for makepkg.
Comment by Jan de Groot (JGC) - Tuesday, 04 March 2008, 09:34 GMT
Forcing makepkg to run as nobody makes it only executable to root also. About the rm -rf ~ thing: don't use your main account if you're paranoid about these things, su - to a different account, then build as that user. Worst thing that can happen is that it deletes your homedirectory which only contains the package you're trying to build.
Comment by Pierre Schmitz (Pierre) - Tuesday, 04 March 2008, 12:35 GMT
Maybe the best solution would be extending makepkg to built within a chroot environment. Perhaps the scripts included in our devtools can help here.
Comment by Dan McGee (toofishes) - Tuesday, 04 March 2008, 16:49 GMT
Feature creep if we incorporate chroot building into makepkg itself, which is something I'd like to avoid. I shouldn't need a full unionfs and chroot install to run a 2 line PKGBUILD that installs one script.

I think having external scripts to handle chroot builds are the correct way to handle this, and/or setting up a second user for building packages. I'd like to close this as "won't implement" if no one objects.
Comment by Roman Kyrylych (Romashka) - Tuesday, 04 March 2008, 17:06 GMT
no objections from me
Comment by pajaro (pajaro) - Tuesday, 04 March 2008, 22:31 GMT
no objections here either

Loading...