On 05/07/12 08:31, Christoph Baumann wrote:
Hi Stuart,
----- Original Message -----
From: "Stuart Hughes"<[email protected]>
To: "Christoph Baumann"<[email protected]>
CC: [email protected]
Sent: Wednesday, 4 July 2012 11:12:34
Subject: Re: [Ltib] Using LTIB without root privileges
[...]
I realise that, but I'd suggest that you don't install on any machine
that is mission critical or sensitive.
I myself don't fear any intruder. But the security auditing guys see a
scenario in which someone could compromise the development machine to inject
malicious code into the resulting firmware.
If you think about it, if your IT policy allows you to run sudo, then
what LTIB is doing is fine, all it is doing is removing the need to
enter your user password. If your IT policy does not allow you to run
sudo (for any command), then you should not be installing LTIB (as it
needs sudo for rpm installs). BTW LTIB cannot accidentally install rpms
into your system area, that's what the weird %pfx stuff in the .spec
files is for.
I hope I can get an exception from that policy, because I need to develop for
the Freescale i.MX28, for which Freescale provides a preconfigured LTIB as BSP.
And I'm not very keen on dissecting this BSP in order to get the MX28
specifics into some other build tool.
I've been over this many times with many people. The issue is one of
balancing ultimate security vs usability, there is no right or wrong
answer. Given that LTIB wants to create an NFS mountable filesystem
image, at some point it needs to be root to create the files with the
correct user/permissions.
Sorry, I didn't want to bother you. I can understand your point. But as mentioned above, I
need good reasons to demand to be able to "sudo".
Hi Christoph,
Do you have sudo on these machines (outside of LTIB)? If not, they're
not suitable for installing LTIB. If they do, LTIB presents no more
risk than the users allowed to run sudo.
If they want a reason, the simple one is that an NFS root area cannot be
correctly populated without sudo permissions (for rpm install). If they
don't like that, their options are:
* Deny your request and offer a non-IT PC where you can do LTIB: the
cost is a few hundred dollars
* Deny your request and have you spend many hours (thousands of dollars)
trying to work around this. You will ultimately fail as you'll need to
be root at some point if you're doing this kind of development.
* Allow your request and let common sense prevail. If they have
concerns they should be based on something objective - a real security
concern. Ask them what they think could happen?
Regards, Stuart
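The point Stuart makes above, that an NFS root built without root ends up with the wrong ownership, is something the auditors Christoph mentions can check directly on the staged tree. The script below is an added example written for this page; it is not part of LTIB or of the thread. It walks a staging directory and reports files not owned by uid/gid 0, world-writable files (sticky directories such as tmp excepted), and setuid/setgid files outside a hypothetical allowlist. The sample tree it builds is constructed inline; when run as an ordinary user, every entry comes back as "wrong-owner", which is exactly why the rpm install step needs sudo.

```python
"""Audit a staged root filesystem (e.g. an NFS root) for ownership and
permission problems. Added example, not LTIB code. The allowlist and the
sample tree are assumptions made for the demonstration."""
import os
import stat
import tempfile

# Hypothetical allowlist: the setuid binaries this embedded root is expected to ship.
SETUID_ALLOWLIST = {"bin/busybox"}


def audit_rootfs(root, expected_uid=0, expected_gid=0, setuid_allowlist=SETUID_ALLOWLIST):
    """Walk `root` and return a sorted list of (kind, relative_path) findings.

    kinds: "wrong-owner"       owner/group differs from expected_uid/expected_gid
           "world-writable"    other-write bit set (sticky directories are allowed)
           "unexpected-setuid" setuid/setgid bit set on a path not in the allowlist
    Symlinks are skipped: their mode bits are meaningless for this check.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            mode = st.st_mode
            if stat.S_ISLNK(mode):
                continue
            if st.st_uid != expected_uid or st.st_gid != expected_gid:
                findings.append(("wrong-owner", rel))
            sticky_dir = stat.S_ISDIR(mode) and bool(mode & stat.S_ISVTX)
            if mode & stat.S_IWOTH and not sticky_dir:
                findings.append(("world-writable", rel))
            if mode & (stat.S_ISUID | stat.S_ISGID) and rel not in setuid_allowlist:
                findings.append(("unexpected-setuid", rel))
    return sorted(findings)


def build_sample_rootfs():
    """Construct a small staging tree the way a non-root build leaves it
    (everything owned by the build user), plus two deliberate defects.
    Constructed sample data, not a real BSP image."""
    root = tempfile.mkdtemp(prefix="nfsroot-")
    for d in ("bin", "etc", "tmp", "usr/bin"):
        os.makedirs(os.path.join(root, d))

    def put(rel, mode):
        path = os.path.join(root, rel)
        with open(path, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(path, mode)  # chmod is not masked by umask; setuid on own file is allowed

    put("bin/busybox", 0o4755)     # setuid, but allowlisted: no setuid finding
    put("usr/bin/netcat", 0o4755)  # setuid and not allowlisted: finding
    put("etc/passwd", 0o666)       # world-writable: finding
    os.chmod(os.path.join(root, "tmp"), 0o1777)  # sticky world-writable dir: fine
    return root


def run_demo():
    """Build the sample tree, audit it, and return (findings, build_uid)."""
    root = build_sample_rootfs()
    build_uid = getattr(os, "getuid", lambda: 0)()  # assume a POSIX host
    return audit_rootfs(root), build_uid


if __name__ == "__main__":
    results, uid = run_demo()
    print("build uid:", uid)
    for kind, rel in results:
        print(f"{kind:18} {rel}")
```

Run as a normal user, the output lists every path under "wrong-owner" alongside the two injected defects; run the same audit on a tree populated through sudo and the ownership findings disappear, leaving only the real problems. The allowlist is the piece a reviewer should maintain deliberately, since an unexpected setuid binary in the root is the kind of injected change the auditors are worried about.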
_______________________________________________
LTIB home page: http://ltib.org
Ltib mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/ltib