--On Friday, January 21, 2005 18:18:52 -0500 Eric Siegerman <[EMAIL PROTECTED]> wrote:
> On Thu, Jan 20, 2005 at 10:22:16PM +0100, Stefan G. Weichinger wrote: >> - configure and make as $AMANDAUSER > > I don't believe this is necessary. One should avoid building > Amanda as root, but that's not because it'll cause problems for > Amanda; it's for the same reason one should avoid building > *anything* as root. Sorry for hijacking a thread, but playing devil's advocate here, what difference does it really make whether you build as root or not if you run 'make install' as root? How many people actually go through each line of the makefile, or run make -n first and examine all that, plus look through the code itself? In Amanda's case, for example, if the source for runtar contained code to 'mailx [EMAIL PROTECTED] < /etc/shadow' or 'rm -fR /' would it really make any difference what user it was compiled under? Would they notice even if it wasn't buried in the source, but was just part of the 'install' target in the makefile (or an included subdirectory makefile)? For user programs, compiling and installing as a user can limit the damage that can be done, but if any part of the build, install, or execution ever has root privileges then you really aren't increasing your security by building as a normal user and installing as root. All that said, I generally do build as a normal user, as it can expose permission problems on libraries, paths, etc. at build time instead of later when users are trying to run the program. Frank > > I've never had a problem building Amanda under my own user > account, and it's hard to see why such a problem might ever > occur. > >> make install as root > > This *is* necessary, of course. > > -- > >| | /\ >| -_|/ > Eric Siegerman, Toronto, Ont. [EMAIL PROTECTED] >| | / > The animal that coils in a circle is the serpent; that's why so > many cults and myths of the serpent exist, because it's hard to > represent the return of the sun by the coiling of a hippopotamus. > - Umberto Eco, "Foucault's Pendulum" -- Frank Smith [EMAIL PROTECTED] Sr. Systems Administrator Voice: 512-374-4673 Hoover's Online Fax: 512-374-4501
