Am 02.02.22 um 08:23 schrieb Josef Moellers:
On 01.02.22 17:54, Reindl Harald wrote:
Am 01.02.22 um 15:28 schrieb Josef Moellers:
Just for the record:
Thanks, Ondřej, for pushing my nose onto the fact that the test
should be run as a non-privileged user.
really *nothing* should run as root, especially not building software
- doing so and even rpmbuild no longer can assure that something don't
break out of the buildroot
In my case I run it on a private VM
irrelevant - basics are basics
But you're right: if the source is unreliable, anything can happen.
I was assuming the bind sources are reliable.
you are violating the principle of least privilege and that has absolute
*nothing* to do with reliable
stop that sort of argumentation instead admit that you learned some
absolute basics - the only error on binds sources is that they donÄt
refuse to build as root without a special flag like courier-mta does for
decades
a simple typo on *your side* can make the diffren between terrible
accidents and a "permission denied" error pointing you to your mistake
mistakes happen, errors happen, bugs happen
all the time, eveywhere
the "make install" in a rpmbuild simply fails when it tries touch
touch /usr and that's one more reason never type "sudo make install"
but package everything
Yes ... that's what I'm about to do ... packaging bind
https://www.reddit.com/r/linux/comments/1ekd5w/why_is_it_dangerous_to_compilebuild_packages_as/
!!!!!!
It's not just malicious individuals you have to worry about. There can
also be bugs in the build system
!!!!!!
https://serverfault.com/questions/10027/why-is-it-bad-to-build-rpms-as-root
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
