[Slackbuilds-users] a general question about the SlackBuilds
Iskar Enev
iskar.enev at gmail.com
Sun May 6 11:17:41 UTC 2007
Hello,
I friend of mine has brought up a question about the SlackBuilds and i
think he may be right.
The scripts, the way they are made by Patrick and by slackbuilds.org,
are supposed to be run as root. Running 'make install' as root could
pose security issues, at least - some sources with bad Makefiles could
place files outside $DESTDIR without the package builder be aware of it.
As user this problem can be avoided, but the script has to be "split" in
two parts - first, run as user, before the 'makepkg' command and second
one, run as root, where one changes the ownership and permissions of
files and directories and runs 'makepkg.'
Of course there would be some problems - such script will require su or
sudo, and if the 'make install' command creates some special ownership
the package builder has to fix it manually. Example for the latter -
mysql and the ownership of /var/lib/mysql.
I'm not aware if that has been discussed previously, or is considered as
a minor problem, but let me know of your opinion anyway.
Regards,
Iskar Enev
More information about the Slackbuilds-users
mailing list