Re: trouble building an rpm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tuesday, September 13, 2011 11:20:57 AM John Doe wrote:
> From: Peter Kjellström <cap@xxxxxxxxxx>
> 
> > It's not a good idea to build rpms as root (unless in a throw-away vm).
> > Build as user or even better using mock.
> 
> Am I missing something or building an rpm as a non-root user for security
> reason won't do much when, in the end, the rpm will be installed as
> root...? Apart from protecting the rpm building host.

It is true that if you're looking only at the security aspect of hadling a 
malicious rpm then it won't buy you that much. It will still however:

 * Keep the rest of the rpms that build-server did safe
 * Delay the effect one step (you can pick up the malicious binary rpm when
   testing, before deploying).

That said the main reason probably isn't malicious (src)rpms but broken ones. 
A spec file can easily contain bugs that will change/corrupt/break your build 
machine (and still produce a valid binary rpm).

In the end it's kind of like running your gnome as root. You can do it but 
common sense and the complexity of the system tells you not to.

/Peter

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux