Re: I want to ask about some Kernel level operations.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 01/01/2014 06:25 PM, Eliezer Croitoru wrote:
> Hey John,
>
> Thanks!
>
> On 02/01/14 02:14, John R Pierce wrote:
>> Its the principle of least privilege.
>>
>> You don't need to be root to compile software, or to test software in a
>> local directory, you only need root privileges to install it to a system
>> directory.   When you're developing, building, testing software, there's
>> a very good chance of something going wrong, so if you are running as a
>> non-root user, the potential damages are minimized.
> OK so as long as I can understand the meaning of compiling as non-root 
> user is to be careful with your system.
>
> I would say that my conclusion is that if there is a very big system it 
> is better to let the root user which understand the meaning of this 
> system and to operate it.
>
> A simple testing machine which has error correction mechanism in it 
> should be OK.
>
> I can see couple issues from my mind and vision but it seems like most 
> software in CentOS will be safe to be compiled as root user.(I am 
> testing a tiny simple piece of software)
>
> To corrupt a system in a level which it cannot be recognized that you 
> have changed it you must be something like GOD or something in the same 
> level.

Things like, if the RPM does not properly config the target during the
build, instead of installing into $RPM_BUILDROOT and trying to package
up the RPM, it might install it to /usr/lib/ accidentally, etc.

Some software is written poorly.

If we are talking CentOS / Red Hat / Fedora type packages then most of
the time nowadays those SRPMs should be built inside of mock anyway to
get a clean buildroot.
 


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux