Sudo usage detection in the scripts as security measures?

[Akrai]

Hi, just got concerned about the risks of sudo loops. It is convenient but has the risk that you could get "attacked" with malicious or just wrong sudo codes in the build scripts. Yes, you should always read the scripts before building but you don't always do, and as i said sudo loops are very convenient to let updating packages automatically without prompts. So i thought there could may be a security measure to prevent this risk without disabling the loop, maybe build using some kind of temp user different than the one with the sudo loop so sudo in the scripts wont work, or maybe run a sudo usage detection previously to the building process, i don't know What do you think?

[polygamma]

You are right, sudo loops in the background can surely be a security problem, but aurman is not really under active development like it was ~1 year ago, and I don't feel like implementing such a big, new feature is worth the effort. You basically only need to read the PKGBUILDs, .install files etc. once fully, after that one time, aurman is going to show the diffs of the new versions, so it's usually a 2 second read per changed package. And if one is really that concerned, it's already possible to disable the background loop completely.

[eli-schwartz]

Temp users are supreme overkill and only pikaur attempts to badly implement this sort of isolation when makechrootpkg exists.

OTOH I do think that the sudo loop should be turned off by default -- offering users the choice to activate it is one thing, making it be active by default is another thing entirely.

[AladW]

So uh, with https://github.com/polygamma/aurman/commit/caef826ed9f971fe79143e7e0f703fad1ca659bd and the issues open again, is the "development notice" still of relevance?

[polygamma]

So uh, with caef826 and the issues open again, is the "development notice" still of relevance?

It's not :)