Skip to content

makechrootpkg: load makepkg.conf as unprivileged user

Alad Wenter requested to merge alad/devtools:master into master

Before this commit makechrootpkg would read HOME from the makepkg (unprivileged) user through getent(1), to source a file in that home directory directly as the makechrootpkg user.

Since makechrootpkg typically runs as root, this allowed a user to escalate privileges even if HOME is reset to /root.

Avoid this by running load_makepkg_config as the makepkg user and loading the values with printf -v.

Edited by Alad Wenter

Merge request reports

Loading