Fedora News Updates #1

Andy Green fedora at warmcat.com
Wed Jan 7 13:47:47 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 07 January 2004 13:22, Rui Miguel Seabra wrote:

Hi Rui -

> That has got to be the most ridiculous kind of argument in defense of
> bad advice I've ever seen.

Please don't confuse my worries about binaries with 'defending bad advice'.  
Sure it's better to make as an unprivileged user -- marginally.  Because then 
you're going to become root and do the make install, which can contain all of 
the bad things you are worrying about.  Or, they can put the bad things in 
sources, merely set the thing suid root in make install and nuke the machine 
when you run the app.  They could use make inferences to cause execution of 
apps that do not appear in the install: clause but elsewhere in the Makefile.  
These are the reasons in my mind when I do not think make as root is ... 
ahem... the root of the problem.

> If you only use root for when you really need to, then the probability
> that you will have problems falls down by several orders of magnitude.

This is definitely true; I can't imagine anyone will disagree.  But the 
problem probability does not go to 0, it never will.

> Most Fedora users will run software from reasonable sources, which have
> the humanly possible community resources to review software.
>
> up2date and yum and other meta packagers should simply refuse to install
> unsigned packages unless forced to. Fedora Core packages do have to be
> signed, anyway.

Sure.  But if you look back in this thread, the meaning of a signed package is 
a very narrow promise, which in fact only reduces the likelihood of the 
package containing evil things to something >0.  Recently there have been 
many subtle attempts on the kernel, mplayer, bsd.... we only hear about them 
because they are detected.  It will only take one 0day allowing people to 
penetrate Freshrpms or fedora.us - I assume Redhat take extra care of their 
keys - and the results will be catastrophic.  No, I don't know what to 
suggest, except facing the fact that we throw the dice every time we install 
code and backing up accordingly.

> Should we just do like Lindows and run everything as root? We might just
> as well.

My point is that every time you install an RPM or do make install you are 
giving externally sourced scripts root access to your machine, which is the 
equivalent of make or make install as root.  Yet for Fedora people, 
installing an RPM is much more common than making source.

- -Andy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE//A4DjKeDCxMJCTIRAhnIAJ90fgluvtGRqZpnnmq15AK+qa+POQCdFWyK
hI8jZ+Jqt5KPtx9ITJ2/4xc=
=Cxvb
-----END PGP SIGNATURE-----
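Andy's point above is that the `install:` recipe is not the only thing root will execute: `make install` also runs the recipes of every prerequisite target, and one of those can quietly `chmod` a binary setuid. The following is an added example, not code from the thread or from Fedora, of the kind of pre-install check a cautious admin can run: it walks the prerequisite chain of a Makefile's `install` target, collects every command make would execute, and flags commands that set setuid/setgid bits, chown to root, fetch from the network, or touch system configuration. The sample Makefile, the target name `fixperms` and the `SUSPICIOUS` pattern list are constructed for the illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample Makefile: the install recipe looks harmless, but the
# prerequisite target "fixperms" sets the setuid bit before installation.
SAMPLE_MAKEFILE = """\
CC = gcc
PREFIX = /usr/local

all: app

app: app.c
\t$(CC) -o app app.c

fixperms: app
\tchmod 4755 app

install: app fixperms
\tinstall -m 755 app $(PREFIX)/bin/app
"""

# Commands a reviewer wants to see before running "make install" as root.
# (Constructed list; extend to taste.)
SUSPICIOUS = [
    (re.compile(r"\b(chmod|install)\b.*(\+[rwxX]*s\b|\b[2467][0-7]{3}\b)"),
     "sets setuid/setgid bit"),
    (re.compile(r"\bchown\b.*\broot\b"), "changes ownership to root"),
    (re.compile(r"\b(curl|wget)\b"), "fetches content from the network"),
    (re.compile(r"\brm\s+-rf\s+/(\s|$)"), "recursive delete of /"),
    (re.compile(r"(/etc/|/boot/|\bcrontab\b)"), "touches system configuration"),
]

# Variable assignment: NAME = ..., NAME := ..., NAME ?= ..., NAME += ...
ASSIGN = re.compile(r"^[A-Za-z_][\w.]*\s*[:?+]?=")

Rules = Dict[str, Tuple[List[str], List[str]]]


def parse_makefile(text: str) -> Rules:
    """Return {target: (prerequisites, recipe_lines)} for explicit rules.

    Deliberately small: variables are not expanded and pattern rules are
    skipped, so this approximates rather than replaces `make -n install`.
    """
    rules: Rules = {}
    current: Optional[List[str]] = None
    for raw in text.splitlines():
        if raw.startswith("\t"):            # recipe line for the current rule
            cmd = raw.strip()
            if current is not None and cmd:
                for t in current:
                    rules[t][1].append(cmd)
            continue
        line = raw.split("#", 1)[0].strip()  # drop comments outside recipes
        if not line:
            continue
        if ASSIGN.match(line):
            current = None
            continue
        if ":" in line:
            lhs, rhs = line.split(":", 1)
            targets = lhs.split()
            if any("%" in t for t in targets):  # pattern rule: not followed
                current = None
                continue
            for t in targets:
                rules.setdefault(t, ([], []))
                rules[t][0].extend(rhs.split())
            current = targets
    return rules


def recipes_for(rules: Rules, target: str, seen=None) -> List[Tuple[str, str]]:
    """Collect (target, command) pairs make would run for `target`,
    prerequisites first, mirroring make's execution order."""
    seen = set() if seen is None else seen
    if target in seen or target not in rules:
        return []
    seen.add(target)
    prereqs, recipe = rules[target]
    out: List[Tuple[str, str]] = []
    for p in prereqs:
        out.extend(recipes_for(rules, p, seen))
    out.extend((target, cmd) for cmd in recipe)
    return out


def audit(text: str, target: str = "install") -> List[Tuple[str, str, str]]:
    """Return (target, command, reason) for every flagged command that
    building `target` would execute, including via prerequisites."""
    findings = []
    for tgt, cmd in recipes_for(parse_makefile(text), target):
        for pat, why in SUSPICIOUS:
            if pat.search(cmd):
                findings.append((tgt, cmd, why))
    return findings


if __name__ == "__main__":
    for tgt, cmd, why in audit(SAMPLE_MAKEFILE):
        print(f"[{tgt}] {cmd}  <- {why}")
```

Because the scanner does not expand variables, a command hidden behind `$(SOMEVAR)` is invisible to it; that is exactly why the stronger check is to let make itself do the expansion with `make -n install` (a dry run that prints every command, including those inherited from prerequisites and pattern rules) and read the output before repeating the command as root. The equivalent check for a binary package is `rpm -qp --scripts package.rpm`, which prints the pre/post-install scriptlets that rpm will run as root.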