1 |
Le Saturday 11 September 2010 11:46:59, Albert Hopkins a écrit : |
2 |
> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote: |
3 |
> > few months ago, I read linux kernel in a nutschell(sic), and the author |
4 |
> > wrote we shouldn't do kernel operations (config and build) as root. |
5 |
> |
6 |
> I call bullsh*t. I've been compiling kernels for 17 years and for the |
7 |
> most part have done it as root without any problems. |
8 |
> |
9 |
> What the author is saying is that, to an extent, in theory no one should |
10 |
> compile anything as root, or really do anything non-system-adminly as |
11 |
> root. You should only do as root what is critically necessary (e.g. |
12 |
> make install) as root. |
13 |
> |
14 |
> In a perfect, tidy world we'd all do that. This world, however does not |
15 |
> exist. Even portage, by default does configure and make as root (albeit |
16 |
> in a sandbox so it is safe(r). |
17 |
> |
18 |
> What the author means is theoretically the config/compile phase could |
19 |
> unintentionally cause some kind of harm to your system. In practice I |
20 |
> have never seen this or heard of it. The kernel devs are bright enough |
21 |
> to ensure that the compilation does nothing outside the source tree |
22 |
> itself. |
23 |
> |
24 |
> It's a good guideline but, like the government's dietary guidelines, not |
25 |
> ones I intend to follow religiously. |
26 |
> |
27 |
> > Is sudo (or kdesudo ?) a good replacement to that ? |
28 |
> |
29 |
> sudo runs things as root, so effectively you've done nothing but add a |
30 |
> password prompt to the mix. |
31 |
> |
32 |
> Gentoo actually makes this a bit more difficult, because usually one |
33 |
> uses portage to install the kernel sources, and they get installed as |
34 |
> root-owned, and only root has write access to the kernel tree. |
35 |
> |
36 |
> Some people, such as myself, use kernel sources outside of portage (I |
37 |
> follow a git repo) and do so as a non-root user. In this case the |
38 |
> kernel tree is not owned by root and the config/compile is easily done |
39 |
> as a non-root user. |
40 |
> |
41 |
> If you are super-paranoid. You can make a non-root copy |
42 |
> of /usr/src/linux and compile it as a non-root user. |
43 |
> |
44 |
> But there really isn't any point in using sudo. It's effectively doing |
45 |
> the same thing that you are trying to avoid. |
46 |
|
47 |
I am not paranoid anymore, just asking to knowing persons... |
48 |
Ok ! thanks for your answer ! |
49 |
-- |
50 |
Stéphane Guedon |
51 |
page web : http://www.22decembre.eu/ |
52 |
carte de visite : http://www.22decembre.eu/downloads/Stephane-Guedon.vcf |
53 |
clé publique gpg : http://www.22decembre.eu/downloads/Stephane-Guedon.asc |