Re: Building packages using RPMBUILD




On Thu, Dec 16, 2010 at 3:49 PM, Leonard den Ottolander
<leonard@xxxxxxxxxxxxxxxxx> wrote:
> Hello Nico,
>
> On Thu, 2010-12-16 at 15:20 -0500, Nico Kadel-Garcia wrote:
>> On Thu, Dec 16, 2010 at 11:00 AM, Leonard den Ottolander
>> > /usr/src/redhat and sub dirs are owned root.root. If you want to build
>> > as a normal user (and you should!) you should fix the ownership of those
>> > directories.
>>
>> NO. Never do this.
>
> Why would that be a problem?
>
> Regards,
> Leonard.

There are easily half a dozen reasons. The first one is that this is
where root runs their builds: if you leave it with write permission
for other users, they can replace components behind your back. Worse,
they can replace the .spec file, so when software is built, it runs as
the root user. Since various components do rely on RPM rebuilding,
such as HP's "Proliant Service Pack", it inserts a great glaring
vulnerability to leverage when the rebuild occurs.

Second, if you open the permissions there, multiple users can step on
each other building similar packages at the same time, especially if
they happen to be different versions of the same software.

The third reason is that "/usr" is typically of modest size, and
leaving it open for RPM development can lead to many gigabytes of
inappropriate debris scattering it. Many modern systems have a much
larger /usr than they used to, but having to allocate that much extra
space for compilation efforts may cause other interesting resource
allocation problems. And overflowing /usr can cause very serious
problems indeed.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
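
A check for the first risk raised in the reply above, written as an added example that is not part of the original thread: it lists anything in a build tree that a user other than the expected owner could modify before a root build runs. The function name `audit_build_tree` and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report entries in an RPM build tree
# that someone other than the expected owner could replace.
#
# audit_build_tree DIR [OWNER]
#   DIR   - build tree to check (the thread's example is /usr/src/redhat)
#   OWNER - user name or numeric uid expected to own every entry (default: root)
# Prints one offending path per line.
# Returns 0 if the tree is clean, 1 if anything was flagged, 2 on a bad DIR.
audit_build_tree() {
    dir=$1
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # Symlinks always report mode 777, so they are skipped.
    # An entry is flagged when it has the wrong owner, or is writable by
    # its group (-perm -020) or by everyone (-perm -002).
    findings=$(find "$dir" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Called as `audit_build_tree /usr/src/redhat`, a non-zero exit means a .spec file or source could be swapped by a non-root user before root rebuilds from that tree.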

