[arch-general] Why is it dangerous to run makepkg as root?

ushi ushi+arch at honkgong.info
Sat May 17 09:02:38 EDT 2014


On 17.05.2014 14:40, Roland Tapken wrote:
> Hi,
> 
> I'm using arch for about half a year on a few systems, but every
> time I install something from aur I'm asking myself one question:
> 
> Why is it considered dangerous to run makepkg as root?
> 
> My first guess was that the PKGBUILD usually comes from an
> untrusted source and may contain code to attack my system (copy
> personal data or install a rootkit or something like that). But on
> the other hand, this file tells makepkg how to build the package
> that will be installed as root, so if the author of the PKGBUILD
> has bad purposes he will just put that code into the created
> package.
> 
> The second idea is that this advice should prevent the script from
> *accidentally* damaging my system. But this could be prevented by
> using fakeroot (which is disabled when calling makepkg with
> --asroot according to the manpage) or chroot. And actually the
> proper advice in this case should be to execute makepkg using a
> user dedicated for this, as for most arch users it would be worse
> if their personal files get deleted than if the system becomes
> unbootable.
> 
> Regards,
> 
> Roland
> 

Hey Roland,

there is a general security principle called the "Principle of least
privilege" [0], which roughly says that one should give a
user/process/... only the minimum of privileges it needs to accomplish
its tasks.

makepkg does not need root privileges to build packages, so do not
give those to it. makepkg does a lot of crazy things - downloading
stuff, executing scripts and complex programs (compilers, ...) - a
single bug in one of those can render your system unusable when
executed as root.

I think your idea of a dedicated user is great and would implement the
principle mentioned above even better.

[0] https://en.wikipedia.org/wiki/Principle_of_least_privilege

Cheers, ushi
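As an added example (not part of ushi's mail and not makepkg's own code), a small POSIX shell wrapper that implements the dedicated-user advice from the thread: it refuses --asroot, and when invoked by root it hands the build to an unprivileged account before anything from the PKGBUILD executes, leaving only the pacman -U step to root. The build account name "aurbuild" and the sudo rule that lets root switch to it are assumptions.

```shell
#!/bin/sh
# Added example, not from the original mail: build an AUR package as a
# dedicated unprivileged user so that a buggy or hostile PKGBUILD never
# runs with root privileges. Only the finished package is installed as root.
# Assumptions (placeholders): the build account is "aurbuild", sudo lets
# root switch to it, and makepkg is on PATH when build_as_user() runs.

BUILD_USER="${BUILD_USER:-aurbuild}"

# 0 when the given numeric uid is unprivileged, 1 when it is root (uid 0).
# The uid is a parameter so the check can be exercised without being root.
uid_is_unprivileged() {
    [ "$1" -ne 0 ]
}

# 0 if the makepkg argument list contains --asroot, which would request a
# root build and also disables fakeroot (see the manpage quoted above).
args_request_asroot() {
    for arg in "$@"; do
        [ "$arg" = "--asroot" ] && return 0
    done
    return 1
}

# Run makepkg in the PKGBUILD directory $1 with the remaining arguments.
# Never builds as root: an unprivileged caller builds directly, a root
# caller drops to $BUILD_USER for the build step only.
build_as_user() {
    pkgdir="$1"; shift
    if args_request_asroot "$@"; then
        echo "refusing to build with --asroot" >&2
        return 1
    fi
    if uid_is_unprivileged "$(id -u)"; then
        ( cd "$pkgdir" && makepkg "$@" )
    else
        # The build user must own the tree to write the build artefacts.
        chown -R "$BUILD_USER" "$pkgdir" || return 1
        ( cd "$pkgdir" && sudo -u "$BUILD_USER" makepkg "$@" )
    fi
}

# Install the package file $1 produced by the build. This is the only step
# that legitimately needs root, and it runs pacman, not the PKGBUILD.
install_built() {
    if uid_is_unprivileged "$(id -u)"; then
        sudo pacman -U "$1"
    else
        pacman -U "$1"
    fi
}
```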

