On 04/07/12 10:05, Christoph Baumann wrote:
Hi Stuart,
----- Original Message -----
From: "Stuart Hughes" <[email protected]>
To: "Mike Goins" <[email protected]>
CC: [email protected]
Sent: Wednesday, 4 July 2012 09:57:43
Subject: Re: [Ltib] Using LTIB without root privileges
[...]
Hi Mike,
See my earlier post. LTIB is only root during rpm install.
The problem I have with that is that you can hijack any machine if you
are granted rights to install RPMs.
Or, to be more exact, guys who do security audits will frown upon
such a circumstance.
Regards,
Christoph Baumann
Hi Christoph,
I realise that, but I'd suggest that you don't install on any machine
that is mission critical or sensitive.
If you think about it, if your IT policy allows you to run sudo, then
what LTIB is doing is fine; all it is doing is removing the need to
enter your user password. If your IT policy does not allow you to run
sudo (for any command), then you should not be installing LTIB (as it
needs sudo for rpm installs). BTW LTIB cannot accidentally install rpms
into your system area, that's what the weird %pfx stuff in the .spec
files is for.
I've been over this many times with many people. The issue is one of
balancing ultimate security vs usability; there is no right or wrong
answer. Given that LTIB wants to create an NFS mountable filesystem
image, at some point it needs to be root to create the files with the
correct user/permissions.
Regards, Stuart
_______________________________________________
LTIB home page: http://ltib.org
Ltib mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/ltib