makechrootpkg: load makepkg.conf as unprivileged user (!114) · Merge requests · Arch Linux / devtools

Alad Wenter requested to merge alad/devtools:master into master Sep 09, 2022

Before this commit makechrootpkg would read HOME from the makepkg (unprivileged) user through getent(1), to source a file in that home directory directly as the makechrootpkg user.

Since makechrootpkg typically runs as root, this allowed a user to escalate privileges even if HOME is reset to /root.

Avoid this by running load_makepkg_config as the makepkg user and loading the values with printf -v.

Edited Sep 09, 2022 by Alad Wenter

Admin message

makechrootpkg: load makepkg.conf as unprivileged user

Merge request reports