[Slackbuilds-users] a general question about the SlackBuilds

Iskar Enev iskar.enev at gmail.com
Sun May 6 11:17:41 UTC 2007


Hello,

I friend of mine has brought up a question about the SlackBuilds and i 
think he may be right.

The scripts, the way they are made by Patrick and by slackbuilds.org, 
are supposed to be run as root. Running 'make install' as root could 
pose security issues, at least - some sources with bad Makefiles could 
place files outside $DESTDIR without the package builder be aware of it.

As user this problem can be avoided, but the script has to be "split" in 
two parts - first, run as user, before the 'makepkg' command and second 
one, run as root, where one changes the ownership and permissions of 
files and  directories and runs 'makepkg.'

Of course there would be some problems - such script will require su or
sudo, and if the 'make install' command creates some special ownership 
the package builder has to fix it manually. Example for the latter - 
mysql and the ownership of /var/lib/mysql.

I'm not aware if that has been discussed previously, or is considered as 
a minor problem, but let me know of your opinion anyway.


Regards,
Iskar Enev



More information about the Slackbuilds-users mailing list