[Slackbuilds-users] How to contribute ?
Phillip Warner
pc_warner at yahoo.com
Sun Jan 4 18:24:10 UTC 2009
For those concerned about the possible security implications of running SlackBuilds as root I will share part of my method of using SBo.
I always read through the scripts thoroughly unless I am already familiar with the script and author.
When I test scripts (both mine and others) I run them as my normal user first. Simply comment out the "chown root:root" line and change $TMP from /tmp/SBo to ~/tmp/SBo. I carefully check for any errors. Any files trying to be written outside of DESTDIR will cause errors. I also run my pkg-sanity script against the created package to check which system files (if any) will be overwritten, and I check the perms of the files. Missing an executable bit on /etc can cause some temporary havoc on your system.
Also, whenever a new version of a SlackBuild is released I always diff it with the previous version. This quickly allows me to see what has changed and often I will catch errors (such as a chown line still commented out). People who submit SlackBuild should diff the official SBo versions of their scripts to see how they were modified (if at all).
--phillip
More information about the SlackBuilds-users
mailing list