Subject: Re: pkg_comp runs everything as root
To: None <pkgsrc-users@NetBSD.org>
From: Christian Biere <email@example.com>
Date: 04/25/2006 00:09:56
Content-Type: text/plain; charset=us-ascii
Jeremy C. Reed wrote:
> On Sun, 23 Apr 2006, Christian Hattemer wrote:
> > In summary: Are there real concerns in this area, or am I just paranoid?
> I would not be concerned. Note that even without pkg_comp the default is
> to do the installation targets as root and we do trust/allow that.
That's not how I see it. If something doesn't need privileges I don't
run it as root. Plain and simple. I don't want to think about - and
it would be a bad idea to trust one's intuition - whether there *could*
be an issue. If you don't run something as root you just know that
a huge amount of issues don't exist. It's not only a measure to prevent
malice, a simple whitespace can cause an unintended blank filesystem
instead of the intended directory removal. Ever tried "indent /netbsd"
as root, by the way?
> As for me, I just manually setup build environment and chroot and do my
> builds as non-root and installs and packaging as root.
> You could do the builds and installs and packaging as non-root too. (And
> do that frequently on some systems.) And some packages won't build
I build only those packages I need and I cannot remember seeing any
packages that failed because of building and installing as non-root.
In a very few cases, packages need set-UID/GID bits somewhere, a
special user etc. but that's usually obvious from the build log,
the Makefile or the documentation.
Since I don't run anything from pkgsrc as root and the pkgsrc user
can only write in /usr/pkgsrc and /usr/pkg (var/db/pkg is a symlink),
the root account should be fairly safe from pkgsrc. The other accounts
aren't but systrace exists - at least on OpenBSD and NetBSD - it
won't help you anywhere else e.g. Linux.
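
An added example, not part of the original message: one way to check a setup like the one described above, where the build account is meant to be able to write only below /usr/pkgsrc and /usr/pkg. The function names, the account name `pkgsrc` and the use of Python are assumptions; only traditional owner/group/other mode bits are examined, so ACLs, file flags and read-only mounts are not taken into account.

```python
import os

def can_write_dir(st, uid, gids):
    """Classic POSIX check: exactly one class (owner, group, other) applies."""
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    need = 0o3 << shift  # write + search are both needed to create entries
    return (st.st_mode & need) == need

def under(path, prefixes):
    """True if path is one of the prefixes or lies below one of them."""
    return any(path == p or path.startswith(p + os.sep) for p in prefixes)

def unexpected_writable_dirs(root, uid, gids, allowed):
    """Directories below root that uid can write to, outside the allowed prefixes."""
    allowed = [os.path.normpath(p) for p in allowed]
    findings = []
    # followlinks=False: a symlink such as var/db/pkg is not traversed
    for dirpath, dirnames, _ in os.walk(root, followlinks=False):
        if under(dirpath, allowed):
            dirnames[:] = []  # expected to be writable, do not descend
            continue
        try:
            st = os.lstat(dirpath)
        except OSError:
            continue  # vanished or unreadable, nothing to report
        if can_write_dir(st, uid, gids):
            findings.append(dirpath)
    return sorted(findings)

if __name__ == "__main__":
    import pwd
    import sys
    # "pkgsrc" is an assumed account name; pass another as the first argument
    user = sys.argv[1] if len(sys.argv) > 1 else "pkgsrc"
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for d in unexpected_writable_dirs("/", pw.pw_uid, gids,
                                      ["/usr/pkgsrc", "/usr/pkg"]):
        print(d)
```

World-writable directories such as /tmp will show up in the output, which is accurate: the build account can write there, and those are the places to review.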