install rpm\'s as root or ...? was Re: Custom Kernel Creation Documentation Online
Paul Howarth
paul at city-fan.org
Wed Feb 9 14:02:47 UTC 2005
Fernando Fernández Pedraza wrote:
> Hello Dave,
>
>
>
>>However, source RPMS should never be
>>installed or built as root.
>
>
> Yes, I've heard about this before, but I still don't understand why.
> Could you please elaborate?
It's a security issue. The person writing the spec for the RPM, or
indeed the upstream package maintainer, could have put "rm -rf /" as a
command in the installation script for instance. There are a wide
variety of similar issues to consider. When building as a regular user,
the worst that can happen is whatever damage the building user has
permission to do to the system, which will usually mean only deleting or
overwriting their own files.
Paul.
More information about the fedora-list
mailing list