On Wednesday 07 January 2004 13:22, Rui Miguel Seabra wrote:

Hi Rui -

> That has got to be the most ridiculous kind of argument in defense of
> bad advice I've ever seen.

Please don't confuse my worries about binaries with 'defending bad advice'.

Sure it's better to make as an unprivileged user -- marginally. Because then
you're going to become root and do the make install, which can contain all of
the bad things you are worrying about. Or, they can put the bad things in
sources, merely set the thing suid root in make install and nuke the machine
when you run the app. They could use make inferences to cause execution of
apps that do not appear in the install: clause but elsewhere in the Makefile.

These are the reasons in my mind when I do not think make as root is ...
ahem... the root of the problem.

> If you only use root for when you really need to, then the probability
> that you will have problems falls down by several orders of magnitude.

This is definitely true, I can't imagine anyone will disagree. But the
problem probability does not go to 0, it never will.

> Most Fedora users will run software from reasonable sources, which have
> the humanly possible community resources to review software.
>
> up2date and yum and other meta packagers should simply refuse to install
> unsigned packages unless forced to. Fedora Core packages do have to be
> signed, anyway.

Sure. But if you look back in this thread, the meaning of a signed package is
a very narrow promise, which in fact only reduces the likelihood of the
package containing evil things to something >0.

Recently there have been many subtle attempts on the kernel, mplayer, bsd....
we only hear about them because they are detected. It will only take one 0day
allowing people to penetrate Freshrpms or fedora.us - I assume Redhat take
extra care of their keys - and the results will be catastrophic.

No, I don't know what to suggest, except facing the fact that we throw the
dice every time we install code and backing up accordingly.

> Should we just do like Lindows and run everything as root? We might just
> as well.

My point is that every time you install an RPM or do make install you are
giving externally sourced scripts root access to your machine, which is the
equivalent of make or make install as root. Yet for Fedora people, installing
an RPM is much more common than making source.

-Andy
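
An added example, not part of the original message: a pre-install review aid for the point above that setuid steps need not appear in the install: clause itself. The sample Makefile is constructed and the function names are hypothetical; the check follows prerequisites from `install` and flags recipe lines that set a setuid/setgid mode.

```python
import re

# Constructed sample Makefile (not from the original message): the install
# recipe looks harmless, the setuid step sits two prerequisites away.
SAMPLE_MAKEFILE = (
    "all: app\n"
    "app: app.c\n"
    "\tcc -o app app.c\n"
    "install: all stage\n"
    "\tinstall -m 0755 app /usr/local/bin/app\n"
    "stage: perms\n"
    "\tmkdir -p /usr/local/bin\n"
    "perms:\n"
    "\tchmod 4755 app\n"
    "\tchown root app\n"
)

RULE = re.compile(r"^([^\s:#=][^:=]*):(?!=)\s*(.*)$")
# Heuristic: chmod/install with a setuid/setgid octal mode or a symbolic +s.
SETID = re.compile(r"\b(?:chmod|install)\b.*?"
                   r"(?:(?<![0-9])0?[2-7][0-7]{3}\b|[\s,][ugoa]*[+=][rwxXt]*s)")

def parse_rules(text):
    """Map each explicit target to (prerequisites, recipe lines)."""
    rules, current = {}, []
    for line in text.splitlines():
        if line.startswith("\t"):          # recipe line of the current rule
            for target in current:
                rules[target][1].append(line.strip())
        elif line.strip() and not line.lstrip().startswith("#"):
            m = RULE.match(line)
            current = m.group(1).split() if m else []
            for target in current:
                prereqs, _ = rules.setdefault(target, ([], []))
                prereqs.extend(p for p in m.group(2).split() if p != "|")
    return rules

def reachable(rules, goal):
    """Targets whose recipes may run when `goal` is built, in visit order."""
    seen, stack = [], [goal]
    while stack:
        target = stack.pop()
        if target in rules and target not in seen:
            seen.append(target)
            stack.extend(rules[target][0])
    return seen

def setid_findings(text, goal="install"):
    """(target, command) pairs that set setuid/setgid when `goal` is made."""
    rules = parse_rules(text)
    return [(t, cmd) for t in reachable(rules, goal)
            for cmd in rules[t][1] if SETID.search(cmd)]
```

Reading the file this way does not see `$(shell ...)` calls, included files or pattern rules, which make evaluates as well, so an empty result narrows the review rather than replacing it.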