[Slackbuilds-users] a general question about the SlackBuilds

alkos333 me at alkos333.net
Sun May 6 17:34:56 UTC 2007


That's the whole idea behind the approval process.  The scripts are
carefully analyzed and run as both a non-root and a root user on the testing
virtual machines to make sure they pose no threat.  The sources are checked
as well and md5 hashes are used to ensure their integrity.

On 5/6/07, Iskar Enev <iskar.enev at gmail.com> wrote:
>
> Hello,
>
> A friend of mine has brought up a question about the SlackBuilds and I
> think he may be right.
>
> The scripts, the way they are made by Patrick and by slackbuilds.org,
> are supposed to be run as root. Running 'make install' as root could
> pose security issues, at least - some sources with bad Makefiles could
> place files outside $DESTDIR without the package builder being aware of it.
>
> As a user this problem can be avoided, but the script has to be "split" in
> two parts - first, run as user, before the 'makepkg' command and second
> one, run as root, where one changes the ownership and permissions of
> files and directories and runs 'makepkg.'
>
> Of course there would be some problems - such script will require su or
> sudo, and if the 'make install' command creates some special ownership
> the package builder has to fix it manually. Example for the latter -
> mysql and the ownership of /var/lib/mysql.
>
> I'm not aware if that has been discussed previously, or is considered as
> a minor problem, but let me know of your opinion anyway.
>
>
> Regards,
> Iskar Enev
>
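
The concern raised in the quoted message, a 'make install' that places files outside $DESTDIR, can be checked by comparing a file listing before and after the install step. This is an added example, not part of either message or of the slackbuilds.org tooling; `check_install`, `FAKEROOT` and the two install functions are hypothetical names, and a scratch directory stands in for the real filesystem.

```sh
#!/bin/sh
# Added example (not from the thread): report paths an install step creates
# outside $DESTDIR. It only sees newly created paths, not modified files.

# Sorted listing of everything under tree $1, skipping the staging dir $2.
snapshot() {
    find "$1" -path "$2" -prune -o -print | LC_ALL=C sort
}

# check_install WATCH DESTDIR CMD...
# Runs CMD with DESTDIR set, prints each path that appeared under WATCH but
# outside DESTDIR, and returns 1 if there was any.
check_install() {
    watch=$1; destdir=$2; shift 2
    before=$(mktemp); after=$(mktemp)
    snapshot "$watch" "$destdir" > "$before"
    # Inspect the tree even if the install step itself fails.
    ( DESTDIR=$destdir; export DESTDIR; "$@" ) >/dev/null 2>&1 || :
    snapshot "$watch" "$destdir" > "$after"
    escaped=$(LC_ALL=C comm -13 "$before" "$after")
    rm -f "$before" "$after"
    [ -z "$escaped" ] && return 0
    printf '%s\n' "$escaped"
    return 1
}

# Constructed stand-ins for 'make install'. FAKEROOT is a scratch directory
# playing the role of / so the demo touches nothing real.
good_install() {
    mkdir -p "$DESTDIR/usr/bin" && : > "$DESTDIR/usr/bin/tool"
}
bad_install() {
    good_install
    : > "$FAKEROOT/etc/tool.conf"    # hard-coded path, ignores DESTDIR
}

demo() {
    FAKEROOT=$(mktemp -d); export FAKEROOT
    mkdir -p "$FAKEROOT/etc" "$FAKEROOT/tmp/pkg"
    for step in good_install bad_install; do
        if out=$(check_install "$FAKEROOT" "$FAKEROOT/tmp/pkg" "$step"); then
            echo "$step: stayed inside DESTDIR"
        else
            echo "$step: escaped DESTDIR -> $out"
        fi
    done
    rm -rf "$FAKEROOT"
}
demo
```

Run as an unprivileged user, the stray write in a real build would usually fail with a permission error instead; the listing comparison is what catches it when the build runs as root.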