Re: install rpm's as root or ...? was Re: Custom Kernel Creation Documentation Online

Paul Howarth wrote:
It's a security issue. The person writing the spec for the RPM, or indeed the upstream package maintainer, could have put "rm -rf /" as a command in the installation script for instance. There are a wide variety of similar issues to consider. When building as a regular user, the worst that can happen is whatever damage the building user has permission to do to the system, which will usually mean only deleting or overwriting their own files.

While I agree with this security point, it is actually minor. Somebody can implant "rm -rf /" or whatever into a pre/post-install script in way more subtle ways, or it might be carefully implanted somewhere in the source of the program you are about to build/install (so when you finally attempt to install the binary RPM, something you normally do as root, or run the program as root (for example, it's a service, or a utility you might want to execute as root), it gets executed). So, that is basically the issue if you trust something downloaded from the network in general.


The more usual reason is to avoid damage from bugs either present in the original tarball/SRPM or introduced by you. Consider for example that you are creating an SRPM from an existing tarball, and had to make a patch that adds a line like this to the install target of the generated Makefile (for whatever reason):

	rm -rf ${PREFIX}/${DIRFORSOMETHING}

Probably not a good idea to do something like that without checking that those two variables are defined and evaluate to something reasonable, but let's ignore it for a moment. You made two typos when writing the patch (maybe you are a lousy typist, or you missed your morning coffee, or it was 5 am, and you missed your 2, 3, and 4 am coffees), and what you actually wrote in your patch is something like this:

	rm -rf ${PRFIX}/${DIRFORSOMETHNG}

Since PRFIX and DIRFORSOMETHNG are not defined (PREFIX and DIRFORSOMETHING are), this will evaluate to "rm -rf /". If you build as root, you just wiped out your system. If you build as a normal user, the damage is less severe (and if you noticed tons of permission denied errors on your terminal and pressed ctrl-c fast enough, maybe you were lucky enough that "rm -rf /" hadn't got to any of the files you own).

This, of course, is true for any software development. Development should not be done as root (unless you are doing it on a system disconnected from the network, and are not going to bug your sysadmin when you screw it up, and you are going to screw it up sooner or later). There is a good reason for that. Since building binary packages from SRPMs is really one of the development steps (even if you are not "developing" anything, and all you want is to simply compile an SRPM made by somebody else), it shouldn't be done as root either.

--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
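An added example, not part of the original post or of any Fedora package: the check the post says should precede a line like "rm -rf ${PREFIX}/${DIRFORSOMETHING}", written as POSIX shell as it would be called from an install target. The function names check_rm_target, safe_rm_tree and strict_target and the scratch directory are assumptions made for the example. It refuses the case the post describes (both variables expanding to nothing, so the target collapses to "/"), and a few neighbouring ones: a relative PREFIX, a DIRFORSOMETHING that is absolute or contains "..". Current GNU rm refuses a bare "/" unless given --no-preserve-root, but that protects one rm implementation against one exact argument; the guard belongs in the script.

```shell
#!/bin/sh
# Added example (not from the original post): guard an install-target
# "rm -rf $PREFIX/$DIRFORSOMETHING" against undefined or bogus variables.
# Function names and the scratch directory below are assumptions.

# check_rm_target PREFIX DIR
# Prints the path "rm -rf" would receive and returns 0, or prints a
# diagnostic on stderr and returns 1 without touching anything when:
#   - either component is empty (what an undefined make variable becomes),
#   - PREFIX is not an absolute path,
#   - DIR is absolute or contains a "." or ".." component.
check_rm_target() {
    prefix=$1
    dir=$2
    if [ -z "$prefix" ] || [ -z "$dir" ]; then
        echo "refusing: PREFIX='$prefix' DIRFORSOMETHING='$dir' (empty component)" >&2
        return 1
    fi
    case $prefix in
        /*) ;;
        *)  echo "refusing: PREFIX '$prefix' is not an absolute path" >&2
            return 1 ;;
    esac
    # Wrap DIR in slashes so each component can be matched as "/x/".
    case "/$dir/" in
        //*|*/../*|*/./*)
            echo "refusing: DIRFORSOMETHING '$dir' must be relative, without . or .." >&2
            return 1 ;;
    esac
    # Collapse repeated slashes and drop a trailing one so the result is
    # canonical; an empty result would mean "/" and is refused as well.
    target=$(printf '%s\n' "$prefix/$dir" | sed 's#//*#/#g; s#/$##')
    if [ -z "$target" ]; then
        echo "refusing: target resolves to /" >&2
        return 1
    fi
    printf '%s\n' "$target"
}

# safe_rm_tree PREFIX DIR: validate first, then remove.  From a Makefile:
#     safe_rm_tree "$(PREFIX)" "$(DIRFORSOMETHING)"
safe_rm_tree() {
    target=$(check_rm_target "$1" "$2") || return 1
    rm -rf -- "$target"
}

# The shortest form of the same guard: the ":?" expansion aborts the
# (sub)shell when a variable is unset or empty instead of expanding to
# nothing, which is exactly what the typo in the post produces.  The body
# runs in a subshell so a failure here does not kill the calling script.
strict_target() (
    printf '%s\n' "${PREFIX:?PREFIX is unset}/${DIRFORSOMETHING:?DIRFORSOMETHING is unset}"
)

# Demonstration on a scratch directory (constructed for this example).
demo=$(mktemp -d)
mkdir -p "$demo/share/doc/pkg"
safe_rm_tree "$demo" share/doc/pkg && echo "removed $demo/share/doc/pkg"
# The misspelled variables expand to nothing; the guard trips instead of
# the command turning into "rm -rf /".
PRFIX=; DIRFORSOMETHNG=
safe_rm_tree "$PRFIX" "$DIRFORSOMETHNG" || echo "guard tripped, nothing removed"
rm -rf -- "$demo"
```

The explicit function is what you would patch into a generated Makefile or an install script; the "${VAR:?}" idiom is enough when the line stays a one-off in the spec's %install section. Neither replaces building as an unprivileged user: they narrow one failure mode, the non-root build bounds all of them.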

