[CentOS] A quick question about ./configure
Jim Perrin
jperrin at gmail.com
Thu Sep 27 16:33:24 UTC 2007
On 9/27/07, Akemi Yagi <amyagi at gmail.com> wrote:
> On 9/27/07, Jim Perrin <jperrin at gmail.com> wrote:
> > On 9/27/07, Ralph Angenendt <ra+centos at br-online.de> wrote:
> > > umair shakil wrote:
> > > > and also tell u r login as root user????
> > >
> > > Why should that be of any interest?
> >
> > To evaluate the potential success of a rootkit?
Since I've been told before that sarcasm is unbecoming (though damn
funny), I'll explain a bit further.
Running ./configure and make as root can open your system to potential
threats if you're not careful. While somewhat unlikely, there may be a
root kit in the code, which building as root triggers. The bigger
threat comes from errors in the Makefile, or the code itself, such
that an errant cleanup script during the build process does an rm -rf
/* instead of an rm -rf $buildroot/* or some other similar flawed
command.
Building as a normal user may also clue you in to other flaws in the
code, such as an inability to function for users other than root,
linking to a directory where it doesn't need access, etc.
> As already pointed out by two big boys... when running:
Hey! I'm not that big! Besides, I've exercising lately, and eating
more things that eat vegetables. Got to keep my computer muscles in
shape dammit!
--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
More information about the CentOS
mailing list