Re: [gentoo-user] sudo in kernel config ?
In linux.gentoo.user, you wrote: Some people, such as myself, use kernel sources outside of portage (I follow a git repo) and do so as a non-root user. In this case the kernel tree is not owned by root and the config/compile is easily done as a non-root user. If you are super-paranoid. You can make a non-root copy of /usr/src/linux and compile it as a non-root user. But there really isn't any point in using sudo. It's effectively doing the same thing that you are trying to avoid. I agree there's no point in using sudo, but what's the problem? You don't need to edit the kernel sources merely to build a new kernel. You can build your kernel outside the tree using for example: make O=/home/user/kernel/tree/ menuconfig make O=/home/user/kernel/tree/ All files are put into the user's directory. All that's need is the KBUILD_OUTPUT environment variable set, so that drivers can find the kernel .config file etc. I've built my kernels like this for years now. All kernels are built by a specific user and then installed as root. No problem, no worries about permissions and no altering the portage installed kernel sources so that a purge (emerge -P gentoo-sources) will automatically remove the whole tree. -- Regards, Gregory.
Re: [gentoo-user] sudo in kernel config ?
I agree there's no point in using sudo, but what's the problem? You don't need to edit the kernel sources merely to build a new kernel. You can build your kernel outside the tree using for example: make O=/home/user/kernel/tree/ menuconfig make O=/home/user/kernel/tree/ This is how I do it, too, when testing the kernel before I do it for real. This way, the code stays owned by root and I can make to my hearts content, with different kernels going into different directories that I control. -- Bill Longman
Re: [gentoo-user] sudo in kernel config ?
This was actually a potential risk once upon a time: Sorry to drift from the topic, but would somebody please explain to me what a potential risk is? How does it differ from a risk? A risk is always potential. A potential risk is when you are not sure if it is a risk at all. Al
Re: [gentoo-user] sudo in kernel config ?
On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote: few months ago, I read linux kernel in a nutschell(sic), and the author wrote we shouldn't do kernel operations (config and build) as root. I call bullsh*t. I've been compiling kernels for 17 years and for the most part have done it as root without any problems. What the author is saying is that, to an extent, in theory no one should compile anything as root, or really do anything non-system-adminly as root. You should only do as root what is critically necessary (e.g. make install) as root. In a perfect, tidy world we'd all do that. This world, however does not exist. Even portage, by default does configure and make as root (albeit in a sandbox so it is safe(r). What the author means is theoretically the config/compile phase could unintentionally cause some kind of harm to your system. In practice I have never seen this or heard of it. The kernel devs are bright enough to ensure that the compilation does nothing outside the source tree itself. It's a good guideline but, like the government's dietary guidelines, not ones I intend to follow religiously. Is sudo (or kdesudo ?) a good replacement to that ? sudo runs things as root, so effectively you've done nothing but add a password prompt to the mix. Gentoo actually makes this a bit more difficult, because usually one uses portage to install the kernel sources, and they get installed as root-owned, and only root has write access to the kernel tree. Some people, such as myself, use kernel sources outside of portage (I follow a git repo) and do so as a non-root user. In this case the kernel tree is not owned by root and the config/compile is easily done as a non-root user. If you are super-paranoid. You can make a non-root copy of /usr/src/linux and compile it as a non-root user. But there really isn't any point in using sudo. It's effectively doing the same thing that you are trying to avoid.
Re: [gentoo-user] sudo in kernel config ?
Le Saturday 11 September 2010 11:46:59, Albert Hopkins a écrit : On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote: few months ago, I read linux kernel in a nutschell(sic), and the author wrote we shouldn't do kernel operations (config and build) as root. I call bullsh*t. I've been compiling kernels for 17 years and for the most part have done it as root without any problems. What the author is saying is that, to an extent, in theory no one should compile anything as root, or really do anything non-system-adminly as root. You should only do as root what is critically necessary (e.g. make install) as root. In a perfect, tidy world we'd all do that. This world, however does not exist. Even portage, by default does configure and make as root (albeit in a sandbox so it is safe(r). What the author means is theoretically the config/compile phase could unintentionally cause some kind of harm to your system. In practice I have never seen this or heard of it. The kernel devs are bright enough to ensure that the compilation does nothing outside the source tree itself. It's a good guideline but, like the government's dietary guidelines, not ones I intend to follow religiously. Is sudo (or kdesudo ?) a good replacement to that ? sudo runs things as root, so effectively you've done nothing but add a password prompt to the mix. Gentoo actually makes this a bit more difficult, because usually one uses portage to install the kernel sources, and they get installed as root-owned, and only root has write access to the kernel tree. Some people, such as myself, use kernel sources outside of portage (I follow a git repo) and do so as a non-root user. In this case the kernel tree is not owned by root and the config/compile is easily done as a non-root user. If you are super-paranoid. You can make a non-root copy of /usr/src/linux and compile it as a non-root user. But there really isn't any point in using sudo. It's effectively doing the same thing that you are trying to avoid. I am not paranoid anymore, just asking to knowing persons... Ok ! thanks for your answer ! -- Stéphane Guedon page web : http://www.22decembre.eu/ carte de visite : http://www.22decembre.eu/downloads/Stephane-Guedon.vcf clé publique gpg : http://www.22decembre.eu/downloads/Stephane-Guedon.asc signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] sudo in kernel config ?
On Saturday 11 September 2010, Stéphane Guedon wrote: Le Saturday 11 September 2010 11:46:59, Albert Hopkins a écrit : On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote: few months ago, I read linux kernel in a nutschell(sic), and the author wrote we shouldn't do kernel operations (config and build) as root. I call bullsh*t. I've been compiling kernels for 17 years and for the most part have done it as root without any problems. What the author is saying is that, to an extent, in theory no one should compile anything as root, or really do anything non-system-adminly as root. You should only do as root what is critically necessary (e.g. make install) as root. In a perfect, tidy world we'd all do that. This world, however does not exist. Even portage, by default does configure and make as root (albeit in a sandbox so it is safe(r). What the author means is theoretically the config/compile phase could unintentionally cause some kind of harm to your system. In practice I have never seen this or heard of it. The kernel devs are bright enough to ensure that the compilation does nothing outside the source tree itself. It's a good guideline but, like the government's dietary guidelines, not ones I intend to follow religiously. Is sudo (or kdesudo ?) a good replacement to that ? sudo runs things as root, so effectively you've done nothing but add a password prompt to the mix. Gentoo actually makes this a bit more difficult, because usually one uses portage to install the kernel sources, and they get installed as root-owned, and only root has write access to the kernel tree. Some people, such as myself, use kernel sources outside of portage (I follow a git repo) and do so as a non-root user. In this case the kernel tree is not owned by root and the config/compile is easily done as a non-root user. If you are super-paranoid. You can make a non-root copy of /usr/src/linux and compile it as a non-root user. But there really isn't any point in using sudo. It's effectively doing the same thing that you are trying to avoid. I am not paranoid anymore, just asking to knowing persons... Ok ! thanks for your answer ! well, some years ago someone made a mistake causing some people doing make as root loosing /dev/null or something like that. But not even everybody was hit. /me prefers loosing /dev/null over having /home/$USER overwritten.
Re: [gentoo-user] sudo in kernel config ?
On Sat, 2010-09-11 at 05:46 -0400, Albert Hopkins wrote: In a perfect, tidy world we'd all do that. This world, however does not exist. Even portage, by default does configure and make as root (albeit in a sandbox so it is safe(r). I suppose one could compile the kernel sources as root but inside sandbox, though I've never tried that.
Re: [gentoo-user] sudo in kernel config ?
Apparently, though unproven, at 11:46 on Saturday 11 September 2010, Albert Hopkins did opine thusly: On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote: few months ago, I read linux kernel in a nutschell(sic), and the author wrote we shouldn't do kernel operations (config and build) as root. I call bullsh*t. I've been compiling kernels for 17 years and for the most part have done it as root without any problems. Same here. The root user (sometimes portage) creates /usr/src/linux-* Someone tell me again exactly how user alan is supposed to build those sources? -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] sudo in kernel config ?
Alan McKinnon wrote: Apparently, though unproven, at 11:46 on Saturday 11 September 2010, Albert Hopkins did opine thusly: On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote: few months ago, I read linux kernel in a nutschell(sic), and the author wrote we shouldn't do kernel operations (config and build) as root. I call bullsh*t. I've been compiling kernels for 17 years and for the most part have done it as root without any problems. Same here. The root user (sometimes portage) creates /usr/src/linux-* Someone tell me again exactly how user alan is supposed to build those sources? If they are accessible by a user, couldn't a user then edit or add something that would then cause a security problem? If they can edit them and no one know it, then root comes along and builds a shiney new kernel with a really nice security hole. Glad only root can get to the sources. ;-) Dale :-) :-)
Re: [gentoo-user] sudo in kernel config ?
On Sat, 11 Sep 2010 15:35:58 -0500 Dale rdalek1...@gmail.com wrote: If they are accessible by a user, couldn't a user then edit or add something that would then cause a security problem? If they can edit them and no one know it, then root comes along and builds a shiney new kernel with a really nice security hole. This was actually a potential risk once upon a time: http://attrition.org/security/advisory/gobbles/GOBBLES-16.txt
Re: [gentoo-user] sudo in kernel config ?
Apparently, though unproven, at 22:28 on Saturday 11 September 2010, Etaoin Shrdlu did opine thusly: On Sat, 11 Sep 2010 15:35:58 -0500 Dale rdalek1...@gmail.com wrote: If they are accessible by a user, couldn't a user then edit or add something that would then cause a security problem? If they can edit them and no one know it, then root comes along and builds a shiney new kernel with a really nice security hole. This was actually a potential risk once upon a time: http://attrition.org/security/advisory/gobbles/GOBBLES-16.txt More like an actual risk all the time. Which is why: # ls -al /usr/src/ total 2 drwxr-xr-x 3 root root 136 2010-09-01 11:41 . drwxr-xr-x 17 root root 480 2010-08-23 01:44 .. -rw-r--r-- 1 root root0 2008-06-17 19:37 .keep lrwxrwxrwx 1 root root 18 2010-09-01 11:30 linux - linux-2.6.35-ck-r2 drwxr-xr-x 24 root root 1584 2010-09-01 02:12 linux-2.6.35-ck-r2 -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] sudo in kernel config ?
On Saturday 11 September 2010 21:28:13 Etaoin Shrdlu wrote: This was actually a potential risk once upon a time: Sorry to drift from the topic, but would somebody please explain to me what a potential risk is? How does it differ from a risk? (Not getting at you, Etaoin; the world is just full of woolly thinking that threatens to submerge us all. Or not thinking, in most cases.) -- Rgds Peter. Linux Counter 5290, 1994-04-23.
Re: [gentoo-user] sudo in kernel config ?
On Sat, 11 Sep 2010 23:05:22 +0100 Peter Humphrey pe...@humphrey.ukfsn.org wrote: On Saturday 11 September 2010 21:28:13 Etaoin Shrdlu wrote: This was actually a potential risk once upon a time: Sorry to drift from the topic, but would somebody please explain to me what a potential risk is? How does it differ from a risk? (Not getting at you, Etaoin; the world is just full of woolly thinking that threatens to submerge us all. Or not thinking, in most cases.) I suppose that a risk is potential because it's possible that it's, um risky only under certain circumstances. If those circumstances are not true for you, there is no risk; if they are true, there is a risk. Once you know that there is a risk (thus it's no longer potential, but it's actual), it still take somebody or something to exploit it to actually have a problem. Makes sense?
Re: [gentoo-user] sudo in kernel config ?
On Saturday 11 September 2010 23:03:14 Etaoin Shrdlu wrote: Makes sense? Not convinced. Sorry. -- Rgds Peter. Linux Counter 5290, 1994-04-23.