pkg_comp runs everything as root

To: pkgsrc-users%netbsd.org@localhost
Subject: pkg_comp runs everything as root
From: Christian Hattemer <c.hattemer%arcor.de@localhost>
Date: Sun, 23 Apr 2006 23:27:03 +0200

Hi,

dunno if tech-pkg would be more appropriate, but for starters here it is.

I've finally looked into pkg_comp and it looks indeed nice for experimenting
with pkgsrc or building binary pkgs.

However I feel a bit uncomfortable about running everything as root. I
remember distfiles that got a malicious configure inserted. There's still
the distfile checksum, but the modification might get overlooked by the
developer doing the update. However an even more effective place for such
tampering should be an install script which runs as root anyway. Then the
unprivileged build wouldn't help.

Well, it's inside a chroot, so there shouldn't be much permanent damage, but
backdoor daemons could still run until a reboot.

In summary: Are there real concerns in this area, or am I just paranoid?

Bye, Chris

Follow-Ups:
- Re: pkg_comp runs everything as root
  - From: Johnny Lam
- Re: pkg_comp runs everything as root
  - From: Jeremy C. Reed

Prev by Date: MesaLib in OpenSolaris
Next by Date: Error compiling povray on OS X
Previous by Thread: MesaLib in OpenSolaris
Next by Thread: Re: pkg_comp runs everything as root
Indexes:

Home | Main Index | Thread Index | Old Index