Re: Another pbuilder run finished
On Thu, Jan 02, 2003 at 09:11:38PM +0900, Junichi Uekawa wrote:
> > > > Actually, the root requirement was a reason for me not to use
> > > > pbuilder.
> >
> > Ditto. I don't really want to trust arbitrary build scripts written by
> > people I don't know to run as root on my machine.
>
> That's FUD, so please do avoid spreading it. :)
>
> pbuilder does run build under fakeroot when you
> configure it to be.
>
> pbuilder itself runs under root.

I might be completely wrong here, but pbuilder would appear to have a
better (but maybe slower) security model because it unpacks a new root
filesystem for every package built, making it impossible to have a
trojan horse or something already on the filesystem (perhaps from a
previous build) do nasty and unexpected things.
--
Brian May <bam@debian.org>