Re: building 2.6.35
On Thu, 12 Aug 2010 12:10:16 -0400 (EDT), Arthur Machlas wrote:
> On Wed, 11 Aug 2010 17:33:12 -0400 (EDT), Bob Proulx wrote:
>> Then log out. At login you will be set to those additional groups.
>> With those in place you can work as yourself in those areas. Safer
>> than using root since as yourself you can't smash anything in the
>> system directories /etc or /bin or /var or other system locations.
>> This makes installing local software through 'make install' much safer
>> and more contained when not done as root. If one were to crawl out of
>> /usr/local for example you would see the failure. If you were running
>> as root then you would not.
>
> Isn't there a risk in granting user access to src, adm, and such if
> ever your user account is compromised? My uninformed opinion is that
> it's a question of relative risk; the 'risk' involved in building
> kernels as root, versus the risk involved in giving access to these
> dirs and tools should your account become compromised.
Obviously, the more groups an id is a member of, the more harm
that id can do in the hands of a malicious (or foolish) user. And that's
one reason why I can't make everyone happy no matter what my web page
says! I suppose the most secure method would be to create an id just
for kernel building which is a member of group src and its login
group, and that's it.
--
.''`. Stephen Powell
: :' :
`. `'`
`-
Reply to: