Hi Stuart, ----- Ursprüngliche Mail ----- > Von: "Stuart Hughes" <[email protected]> > An: "Christoph Baumann" <[email protected]> > CC: [email protected] > Gesendet: Mittwoch, 4. Juli 2012 11:12:34 > Betreff: Re: [Ltib] Using LTIB without root privileges [...] > I realise that, but I'd suggest that you don't install on any machine > that is mission critical or sensitive. >
I for myself don't fear any intruder. But the security auditing guys see the scenario that someone could compromise the development machine to inject malicious code into the resulting firmware. > If you think about it, if your IT policy allows you to run sudo, then > what LTIB is doing is fine, all it is doing is removing the need to > enter your user password. If your IT policy does not allow you to run > sudo (for any command), then you should not be installing LTIB (as it > needs sudo for rpm installs). BTW LTIB cannot accidentally install > rpms > into your system area, that's what the weird %pfx stuff in the .spec > files is for. I hope I can get an exception from that policy. Because I need to develop for the Freescale i.MX28 for which Freescale provides a preconfigured LTIB as BSP. And I'm not very keen on dissecting this BSP in order to get the MX28 specialities into some other build tool. > I've been over this many times with many people. The issue is one of > balancing ultimate security vs usability, there is no right or wrong > answer. Given that LTIB wants to create an NFS mountable filesystem > image, at some point it needs to be root to create the files with the > correct user/permissions. Sorry, didn't want to bother you. I can understand your point. But as mentioned above I need good reasons to demand to be able to "sudo". Regards, Christoph _______________________________________________ LTIB home page: http://ltib.org Ltib mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/ltib
