install rpm's as root or ...? was Re: Custom Kernel Creation Documentation Online
Aleksandar Milivojevic
amilivojevic at pbl.ca
Wed Feb 9 15:37:32 UTC 2005
Paul Howarth wrote:
> It's a security issue. The person writing the spec for the RPM, or
> indeed the upstream package maintainer, could have put "rm -rf /" as a
> command in the installation script for instance. There are a wide
> variety of similar issues to consider. When building as a regular user,
> the worst that can happen is whatever damage the building user has
> permission to do to the system, which will usually mean only deleting or
> overwriting their own files.
While I agree with this security point, it is actually minor. Somebody
can implant "rm -rf /" or whatever into pre/post-install script in way
more subtle ways, or it might be carefully implanted somewhere in the
source of the program you are about to build/install (so when you
finally attempt to install binary RPM, something you normally do as
root, or run the program as root (for example, it's a service, or
utility you might want to execute as root) it gets executed). So, that
is basically the issue if you trust something downloaded from network in
general.
The more usual reason is to avoid damage from bugs either present in
original tarball/SRPM or introduced by you. Consider for example that
you are creating SRPM from existing tarball, and had to make a patch that
adds a line like this to install target of generated Makefile (for
whatever reason):
rm -rf ${PREFIX}/${DIRFORSOMETHING}
Probably not a good idea to do something like that without checking that
those two variables are defined and evaluating to something reasonable,
but let's ignore it for a moment. You made two typos when writing the
patch (maybe you are lousy typer, or you missed your morning coffee, or
it was 5 am, and you missed your 2, 3, and 4am coffees), and what you
actually wrote in your patch is something like this:
rm -rf ${PRFIX}/${DIRFORSOMETHNG}
Since PRFIX and DIRFORSOMETHNG are not defined (PREFIX and
DIRFORSOMETHING are), this will evaluate to "rm -rf /". If you build as
root, you just wiped out your system. If you build as normal user, the
damage is less severe (and if you noticed tons of permission denied
errors on your terminal and pressed ctrl-c fast enough, maybe you were
lucky enough that "rm -rf /" hasn't got to any of the files you own).
This, of course, is true for any software development. Development
should not be done as root (unless you are doing it on a system
disconnected from network, and are not going to bug your sysadmin when
you screw it, and you are going to screw it sooner or later). There is
a good reason for that. Since building binary packages from SRPMs is
really one of the development steps (even if you are not "developing"
anything, and all you want is to simply compile SRPM made by somebody
else), it shouldn't be done as root either.
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
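Added example, not part of the original post: the check the message says the install target should have had before its `rm -rf ${PREFIX}/${DIRFORSOMETHING}` line. The function names (`guarded_target`, `safe_rm_under`) are assumptions; a make recipe runs each line in /bin/sh, so the same test can be pasted into the Makefile with `$$` in place of `$`.

```shell
# Added example (not from the original post). An undefined make or shell
# variable expands to the empty string, so a typo'd
#   rm -rf ${PRFIX}/${DIRFORSOMETHNG}
# reaches the shell as "rm -rf /". This guard refuses to build that path.
#
# Equivalent line for a Makefile recipe (make expands $(PREFIX) first, so the
# test sees the already-expanded, possibly empty, value):
#   [ -n "$(PREFIX)" ] && [ -n "$(DIRFORSOMETHING)" ] || exit 1

# guarded_target PREFIX DIRFORSOMETHING
# Prints the path to remove and returns 0 only if it is safe to use.
guarded_target() {
    prefix=$1
    sub=$2
    # Reject unset/empty values: this is exactly what a misspelled
    # variable name expands to.
    if [ -z "$prefix" ] || [ -z "$sub" ]; then
        echo "refusing: PREFIX or DIRFORSOMETHING is undefined/empty" >&2
        return 1
    fi
    # Reject a prefix that is the filesystem root.
    case "$prefix" in
        /|//) echo "refusing: PREFIX is /" >&2; return 1 ;;
    esac
    # Reject a subdirectory that is absolute or climbs out of PREFIX.
    case "$sub" in
        /*|..|../*|*/..|*/../*)
            echo "refusing: bad DIRFORSOMETHING '$sub'" >&2; return 1 ;;
    esac
    printf '%s/%s\n' "${prefix%/}" "$sub"
}

# safe_rm_under PREFIX DIRFORSOMETHING
# Removes the directory only when guarded_target accepts the inputs.
safe_rm_under() {
    target=$(guarded_target "$1" "$2") || return 1
    rm -rf -- "$target"
}
```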