Friedrich Delgado Friedrichs <friedel@nomaden.org> writes:
[...]
> It all went very smooth and easy, the only slight annoyance was that
> scsh-install-pkg does not allow me to *compile* stuff as non-root
> and afterwards *install* it as root.
This could be added, but I first need to be convinced that this is
indeed necessary, which I'm not really right now :-).
> This is both a potential security hazard (because the system
> administrator has to inspect everything that happens in the build
> phase to determine if the package can be trusted and not only the
> install steps, which means the risk for malicious actions to remain
> unnoticed is much higher)
I don't really buy this, for two reasons:

1. Nothing forces you to perform installation as root. It's actually
   very easy to set up a user with write access to a single directory
   which serves as a software repository (say /usr/local/stow) and
   have this user perform all compilations/installations. Once the
   software is installed, the appropriate symbolic links from
   /usr/local/{bin,man,share,...} can be created by root (or some
   other user). This is both easier than reading makefiles, and more
   secure. And it can be made even more secure by creating a new user
   for every installed software.

2. If you are really worried about malicious code, then you should
   read the *whole* makefile, *and* the whole source code of the
   program anyway, because even as somebody other than root it can do
   nasty stuff.

Moreover, at least the Fink package manager performs *both*
compilation and installation as root. Maybe it's different with
Debian, I don't know.
> and an inconvenience, since it conflicts with existing packaging
> systems (e.g. bkhl pointed out that he couldn't separate the compile
> phase and the install phase for a Debian package that way).
Ok, this could indeed be a problem, provided that it's really
necessary to separate the two. So I need it explained to me why this
is necessary, i.e. why providing a dummy, do-nothing command for the
compilation phase doesn't work.
Thanks,
Michel.
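
The setup from point 1, seen from root's side, as an added example that is not part of the original message: a check root can run over a package tree in the repository directory before creating the links from /usr/local. The function names, the three checks and the sample trees are assumptions of this example; it relies on `readlink -f` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: audit a tree installed by the unprivileged build user
# before root links it into /usr/local.

# audit_stow_pkg PKGDIR  (hypothetical helper name)
# Prints one line per finding; returns 0 when the tree is clean, 1 otherwise.
audit_stow_pkg() {
    pkg=$(cd "$1" 2>/dev/null && pwd -P) || { echo "not a directory: $1"; return 1; }
    findings=$(
        # setuid/setgid files run with the build user's identity for any caller
        find "$pkg" -type f \( -perm -4000 -o -perm -2000 \) -print | sed 's/^/setid: /'
        # world-writable entries can be replaced by anyone after the review
        find "$pkg" ! -type l -perm -0002 -print | sed 's/^/world-writable: /'
        # links resolving outside the package would make /usr/local point at
        # content that was never part of the reviewed tree
        find "$pkg" -type l -print | while IFS= read -r link; do
            target=$(readlink -f "$link" 2>/dev/null) || target=""
            case "$target" in
                "$pkg"/*) ;;
                *) echo "escaping-symlink: $link -> ${target:-unresolvable}" ;;
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample trees in a temporary directory (no real package involved).
make_sample() {
    umask 022
    root=$(mktemp -d)
    mkdir -p "$root/good-1.0/bin" "$root/bad-1.0/bin"
    printf '#!/bin/sh\necho hi\n' > "$root/good-1.0/bin/hello"
    chmod 755 "$root/good-1.0/bin/hello"
    ln -s hello "$root/good-1.0/bin/hi"       # stays inside the package
    ln -s /bin/sh "$root/bad-1.0/bin/tool"    # resolves outside the package
    echo "$root"
}

sample=$(make_sample)
audit_stow_pkg "$sample/good-1.0" && echo "good-1.0: ok to link"
audit_stow_pkg "$sample/bad-1.0"  || echo "bad-1.0: do not link"
rm -rf "$sample"
```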