On Fri, Jan 21, 2005 at 06:15:28PM -0600, Frank Smith wrote:
>
> --On Friday, January 21, 2005 18:18:52 -0500 Eric Siegerman <[EMAIL PROTECTED]> wrote:
>
> > On Thu, Jan 20, 2005 at 10:22:16PM +0100, Stefan G. Weichinger wrote:
> >> - configure and make as $AMANDAUSER
> >
> > I don't believe this is necessary. One should avoid building
> > Amanda as root, but that's not because it'll cause problems for
> > Amanda; it's for the same reason one should avoid building
> > *anything* as root.
>
> Sorry for hijacking a thread, but playing devil's advocate here,
> what difference does it really make whether you build as root
> or not if you run 'make install' as root? How many people
> actually go through each line of the makefile, or run make -n
> first and examine all that, plus look through the code itself?
> In Amanda's case, for example, if the source for runtar
> contained code to 'mailx [EMAIL PROTECTED] < /etc/shadow' or
> 'rm -fR /' would it really make any difference what user it
> was compiled under? Would they notice even if it wasn't buried
> in the source, but was just part of the 'install' target in
> the makefile (or an included subdirectory makefile)?
> For user programs, compiling and installing as a user
> can limit the damage that can be done, but if any part of
> the build, install, or execution ever has root privileges
> then you really aren't increasing your security by building
> as a normal user and installing as root.
> All that said, I generally do build as a normal user, as
> it can expose permission problems on libraries, paths, etc.
> at build time instead of later when users are trying to run
> the program.

You have said it yourself, as ordinary user you limit the
possible problems.

Have you never looked at a file with an editor and
inadvertently modified it? Don't you ever do little
changes to the code or makefiles? How about running
your builds from a script as Gene H. does. Or running
my configure with a script that modifies the makefiles
to allow me a target of *.i output files (post-preprocessor).
I don't want to run these things as root.

There doesn't have to be anything malicious to be dangerous
or unwanted. Just a simple error that might cause less
damage run by amanda than run by root. Or even by user jon.

Suppose I had a simple "cd" in one of these scripts; like

    cd $AmandaBuildDir

But I forgot to properly set AmandaBuildDir, or I misspelled
it in the script. Now it is a "cd <with no args>" meaning a
cd to the home directory of the person running it. I would
rather it went to amanda's, not jon's and certainly not root's
home dir before continuing the script.

jl
-- 
Jon H. LaBadie                  [EMAIL PROTECTED]
 JG Computing
 4455 Province Line Road        (609) 252-0159
 Princeton, NJ  08540-4322      (609) 683-7220 (fax)
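
The unset-variable "cd" described in the message above, next to a guarded form, as an added example that is not part of the original thread. AmandaBuildDir is the name used in the message; the function names and the throwaway directories are constructed for the demonstration.

```shell
#!/bin/sh
# AmandaBuildDir is the variable named in the message; the function names
# and the throwaway directories are constructed for this demonstration.

# Fragile form: unquoted, unchecked. With the variable unset (or misspelled)
# the shell runs a bare "cd" and lands in $HOME of whoever runs the script.
fragile_cd() (
    set +u                      # model a script that does not use "set -u"
    cd $AmandaBuildDir && pwd -P
)

# Guarded form: refuse to continue unless the variable names a real directory.
guarded_cd() (
    # ${var:?msg} aborts this subshell when the variable is unset or empty
    dir=${AmandaBuildDir:?AmandaBuildDir is unset or empty}
    cd -- "$dir" || exit 1      # quoted, and a failed cd stops the script
    pwd -P
)

demo() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/home" "$scratch/build"
    (
        # Point HOME at a scratch directory so the bare "cd" is harmless here
        HOME=$scratch/home; export HOME
        unset AmandaBuildDir
        echo "fragile, variable unset: $(fragile_cd)"
        echo "guarded, variable unset: $(guarded_cd 2>&1 || echo 'stopped')"
        AmandaBuildDir=$scratch/build
        echo "guarded, variable set:   $(guarded_cd)"
    )
    rm -rf "$scratch"
}

demo
```

Putting "set -u" at the top of a build script catches the same mistake earlier, since any expansion of an unset variable then aborts the script.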
