[baker-baker] unpacked source packages
T. Onoma
transami at runbox.com
Wed Dec 3 09:07:02 EST 2003
On Wednesday 03 December 2003 03:46 pm, Mika Pesu wrote:
>
> I think we can compile as normal because by compiling some stuff it
> doesn't execute any build binary yet.
>
> So build process would come like this:
> ./configure
> make
> dir snapshot
> chroot
> make install
> exit chroot
> dir snapshot
>
> Those dir snapshots aren't essential, because we keep track of what will be
> copied to chroot, just need libs to get install util to work

The problem I'm worried about, though, is that baker is running a general shell
script. If some evildoer were to stick this in a recipe:

    compile_script: |
      cd /etc
      rm -R -f *

Or something like that, it could be very bad. Unless I'm not understanding. I
would really like to prevent such possibilities. I imagine we could prevent
bake from running as root somehow, even if the user is root. This would help.
I'm just not very familiar with this kind of stuff.

Another project I found, although it's a little terse to understand.
http://www.linsec.org
T.
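
The idea raised in the message above, running a recipe's compile_script without root even when the invoking user is root, as an added example that is not part of the original post or Baker's own code. Assumptions: Ruby as the language, a `nobody` account as the build user, and the hypothetical names `run_compile_script`, `SAMPLE_RECIPE` and `REFUSED`.

```ruby
require 'yaml'
require 'etc'
require 'tmpdir'

# Constructed sample recipe; only the compile_script key comes from the thread.
SAMPLE_RECIPE = <<~RECIPE
  compile_script: |
    id -u
RECIPE

REFUSED = 126 # child exit code when privileges could not be dropped

# Runs the recipe's compile_script in a child process. When invoked as root,
# the child switches to build_user first and refuses to run the script if the
# switch fails. Returns [exit_status, stdout].
def run_compile_script(recipe_yaml, workdir, build_user: 'nobody')
  script = YAML.safe_load(recipe_yaml).fetch('compile_script')
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    $stdout.reopen(writer)
    begin
      if Process.uid.zero?
        pw = Etc.getpwnam(build_user)
        File.chown(pw.uid, pw.gid, workdir)    # let the build user write here
        Process.initgroups(build_user, pw.gid) # drop root's extra groups
        Process::GID.change_privilege(pw.gid)  # group first, while still root
        Process::UID.change_privilege(pw.uid)  # real, effective and saved uid
        raise 'still root' if Process.uid.zero? || Process.euid.zero?
      end
      Dir.chdir(workdir)
      exec({ 'HOME' => workdir }, '/bin/sh', '-e', '-c', script)
    rescue StandardError
      exit!(REFUSED) # fail closed: never fall back to running as root
    end
  end
  writer.close
  output = reader.read
  Process.wait(pid)
  [$?.exitstatus, output]
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir('bake') do |dir|
    status, out = run_compile_script(SAMPLE_RECIPE, dir)
    puts "exit=#{status} uid seen by script=#{out.strip}"
  end
end
```

Dropping to an unprivileged user protects files that user cannot write, such as /etc; anything the build user owns is still exposed to the script.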