| 1 |
On Saturday 11 September 2010, Stéphane Guedon wrote: |
| 2 |
> Le Saturday 11 September 2010 11:46:59, Albert Hopkins a écrit : |
| 3 |
> > On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote: |
| 4 |
> > > few months ago, I read linux kernel in a nutschell(sic), and the author |
| 5 |
> > > wrote we shouldn't do kernel operations (config and build) as root. |
| 6 |
> > |
| 7 |
> > I call bullsh*t. I've been compiling kernels for 17 years and for the |
| 8 |
> > most part have done it as root without any problems. |
| 9 |
> > |
| 10 |
> > What the author is saying is that, to an extent, in theory no one should |
| 11 |
> > compile anything as root, or really do anything non-system-adminly as |
| 12 |
> > root. You should only do as root what is critically necessary (e.g. |
| 13 |
> > make install) as root. |
| 14 |
> > |
| 15 |
> > In a perfect, tidy world we'd all do that. This world, however does not |
| 16 |
> > exist. Even portage, by default does configure and make as root (albeit |
| 17 |
> > in a sandbox so it is safe(r). |
| 18 |
> > |
| 19 |
> > What the author means is theoretically the config/compile phase could |
| 20 |
> > unintentionally cause some kind of harm to your system. In practice I |
| 21 |
> > have never seen this or heard of it. The kernel devs are bright enough |
| 22 |
> > to ensure that the compilation does nothing outside the source tree |
| 23 |
> > itself. |
| 24 |
> > |
| 25 |
> > It's a good guideline but, like the government's dietary guidelines, not |
| 26 |
> > ones I intend to follow religiously. |
| 27 |
> > |
| 28 |
> > > Is sudo (or kdesudo ?) a good replacement to that ? |
| 29 |
> > |
| 30 |
> > sudo runs things as root, so effectively you've done nothing but add a |
| 31 |
> > password prompt to the mix. |
| 32 |
> > |
| 33 |
> > Gentoo actually makes this a bit more difficult, because usually one |
| 34 |
> > uses portage to install the kernel sources, and they get installed as |
| 35 |
> > root-owned, and only root has write access to the kernel tree. |
| 36 |
> > |
| 37 |
> > Some people, such as myself, use kernel sources outside of portage (I |
| 38 |
> > follow a git repo) and do so as a non-root user. In this case the |
| 39 |
> > kernel tree is not owned by root and the config/compile is easily done |
| 40 |
> > as a non-root user. |
| 41 |
> > |
| 42 |
> > If you are super-paranoid. You can make a non-root copy |
| 43 |
> > of /usr/src/linux and compile it as a non-root user. |
| 44 |
> > |
| 45 |
> > But there really isn't any point in using sudo. It's effectively doing |
| 46 |
> > the same thing that you are trying to avoid. |
| 47 |
> |
| 48 |
> I am not paranoid anymore, just asking to knowing persons... |
| 49 |
> Ok ! thanks for your answer ! |
| 50 |
|
| 51 |
well, some years ago someone made a mistake causing some people doing make as |
| 52 |
root loosing /dev/null or something like that. But not even everybody was hit. |
| 53 |
|
| 54 |
/me prefers loosing /dev/null over having /home/$USER overwritten. |
Archives