[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Another pbuilder run finished

On Thu, Jan 02, 2003 at 09:11:38PM +0900, Junichi Uekawa wrote:
> > > > Actually, the root requirement was a reason for me not to use
> > > > pbuilder.
> > 
> > Ditto. I don't really want to trust arbitrary build scripts written by 
> > people I don't know to run as root on my machine.
> 
> That's FUD, so please do avoid spreading it. :)
> 
> pbuilder does run build under fakeroot when you 
> configure it to be.
> 
> pbuilder itself runs under root.

I might be completely wrong here, but pbuilder would appear to have a
better (but maybe slower) security model because it unpacks a new root
filesystem for every package built, making it impossible to have a
trojan horse or something already on the filesystem (perhaps from a
previous build) do nasty and unexpected things.
--
Brian May <bam@debian.org>
Reply to: