Re: A quick question about ./configure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 9/27/07, Akemi Yagi <amyagi@xxxxxxxxx> wrote:
> On 9/27/07, Jim Perrin <jperrin@xxxxxxxxx> wrote:
> > On 9/27/07, Ralph Angenendt <ra+centos@xxxxxxxxxxxx> wrote:
> > > umair shakil wrote:
> > > >    and also tell u r login as root user????
> > >
> > > Why should that be of any interest?
> >
> > To evaluate the potential success of a rootkit?

Since I've been told before that sarcasm is unbecoming (though damn
funny), I'll explain a bit further.

Running ./configure and make as root can open your system to potential
threats if you're not careful. While somewhat unlikely, there may be a
root kit in the code, which building as root triggers. The bigger
threat comes from errors in the Makefile, or the code itself, such
that an errant cleanup script during the build process does an rm -rf
/* instead of an rm -rf $buildroot/* or some other similar flawed
command.

Building as a normal user may also clue you in to other flaws in the
code, such as an inability to function for users other than root,
linking to a directory where it doesn't need access, etc.

> As already pointed out by two big boys... when running:
Hey! I'm not that big! Besides, I've exercising lately, and eating
more things that eat vegetables. Got to keep my computer muscles in
shape dammit!

-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux