pkgsrc-Users archive


Re: pkg_comp runs everything as root



Jeremy C. Reed wrote:
> On Sun, 23 Apr 2006, Christian Hattemer wrote:
> 
> > In summary: Are there real concerns in this area, or am I just paranoid?
> 
> I would not be concerned. Note that even without pkg_comp the default is 
> to do the installation targets as root and we do trust/allow that.

That's not how I see it. If something doesn't need privileges I don't
run it as root. Plain and simple. I don't want to think about - and
it would be a bad idea to trust one's intuition - whether there *could*
be an issue. If you don't run something as root you just know that
a huge amount of issues don't exist. It's not only a measure to prevent
malice, a simple whitespace can cause an unintended blank filesystem
instead of the intended directory removal. Ever tried "indent /netbsd"
as root, by the way?
 
> As for me, I just manually set up build environment and chroot and do my 
> builds as non-root and installs and packaging as root.
 
> You could do the builds and installs and packaging as non-root too. (And I 
> do that frequently on some systems.) And some packages won't build 
> though.

I build only those packages I need and I cannot remember seeing any
packages that failed because of building and installing as non-root.
In a very few cases, packages need set-UID/GID bits somewhere, a
special user etc. but that's usually obvious from the build log,
the Makefile or the documentation.

Since I don't run anything from pkgsrc as root and the pkgsrc user
can only write in /usr/pkgsrc and /usr/pkg (var/db/pkg is a symlink),
the root account should be fairly safe from pkgsrc. The other accounts
aren't but systrace exists - at least on OpenBSD and NetBSD - it
won't help you anywhere else e.g. Linux.

-- 
Christian

Attachment: pgpHyc0AZFRrV.pgp
Description: PGP signature
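
The message's point about a stray space turning an intended directory removal into something much larger, as an added shell example that is not part of the original message or of pkgsrc: a guard that deletes only paths resolving strictly below one allowed tree. The function names `resolve_path`, `is_under` and `guarded_rm` are hypothetical, and the check assumes the parent directory of each target exists.

```shell
#!/bin/sh
# Added example (hypothetical helper names): validate every removal target
# against one allowed directory tree before anything is deleted.

# resolve_path PATH: print PATH with its parent directory physically resolved
# (symlinks and ".." removed). Fails if the parent does not exist.
resolve_path() {
    case $1 in
        ''|/) return 1 ;;
    esac
    _base=$(basename -- "$1")
    case $_base in
        .|..|/) return 1 ;;
    esac
    _parent=$(cd -P -- "$(dirname -- "$1")" 2>/dev/null && pwd -P) || return 1
    printf '%s\n' "${_parent%/}/$_base"
}

# is_under ROOT PATH: succeed only if PATH resolves strictly below ROOT.
# ROOT itself and "/" as ROOT are refused.
is_under() {
    _root=$(cd -P -- "$1" 2>/dev/null && pwd -P) || return 1
    [ "$_root" != / ] || return 1
    _target=$(resolve_path "$2") || return 1
    case $_target in
        "$_root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# guarded_rm ROOT TARGET...: check all targets first, delete only if all pass.
# A command line split by a stray space yields extra targets; one bad target
# aborts the whole call, so nothing is removed.
guarded_rm() {
    _allowed=$1
    shift
    [ "$#" -gt 0 ] || return 2
    for _t in "$@"; do
        if ! is_under "$_allowed" "$_t"; then
            echo "refusing: '$_t' is outside $_allowed" >&2
            return 1
        fi
    done
    rm -rf -- "$@"
}
```

The guard complements running the build as an unprivileged user, as the message describes; it does not replace it, since the check and the deletion are separate steps.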


