On Sat, 7 Apr 2018 19:44:40 +0200 Clemens Lang <c...@macports.org> wrote:
> Remember that Portfiles can execute arbitrary code and root access
> is available from Portfiles. We do not want to run arbitrary code
> in a PR on the same build machines we use to build packages that we
> will distribute to our users. A malicious attacker could modify the
> machines in a way that packages built after that will be
> miscompiled.
Just a side note: other package building systems have dealt (in various ways) with being able to build things without privileges. For example, the Debian project has a cool tool called "fakeroot" which uses an LD_PRELOADed library to make things being built _think_ they have root privileges when they don't -- actions like chmods and chowns are recorded by the libraries and subsequent "fakerooted" calls that read permissions or ownership or what have you replay what was set earlier. This allows the construction of installation packages that have arbitrary users and permissions set in them without root having been involved in builds.

See: https://manpages.debian.org/stretch/fakeroot-ng/fakeroot.1.en.html

I believe that "fakeroot" (or at least forks of it) have already been ported to MacOS for use by other projects.

I would not suggest that the practice of building packages in isolated VMs be changed, as that provides a lot of nice isolation and security, but it might be nice to steal a tool like "fakeroot" to allow for more flexibility.

Perry

-- 
Perry E. Metzger		pe...@piermont.com