[Slackbuilds-users] How to contribute ?
pc_warner at yahoo.com
Sun Jan 4 18:24:10 UTC 2009
For those concerned about the possible security implications of running SlackBuilds as root I will share part of my method of using SBo.
I always read through the scripts thoroughly unless I am already familiar with the script and author.
When I test scripts (both mine and others) I run them as my normal user first. Simply comment out the "chown root:root" line and change $TMP from /tmp/SBo to ~/tmp/SBo. I carefully check for any errors. Any files trying to be written outside of DESTDIR will cause errors. I also run my pkg-sanity script against the created package to check which system files (if any) will be overwritten, and I check the perms of the files. Missing an executable bit on /etc can cause some temporary havoc on your system.
Also, whenever a new version of a SlackBuild is released I always diff it with the previous version. This quickly allows me to see what has changed and often I will catch errors (such as a chown line still commented out). People who submit SlackBuild should diff the official SBo versions of their scripts to see how they were modified (if at all).
More information about the SlackBuilds-users