On Thu, 16 Dec 2010, m.roth at 5-cent.us wrote:

> To: CentOS mailing list <centos at centos.org>
> From: m.roth at 5-cent.us
> Subject: Re: [CentOS] Building packages using RPMBUILD
>
> Leonard den Ottolander wrote:
>> Hello Nico,
>>
>> On Thu, 2010-12-16 at 15:20 -0500, Nico Kadel-Garcia wrote:
>>> On Thu, Dec 16, 2010 at 11:00 AM, Leonard den Ottolander
>>>> /usr/src/redhat and sub dirs are owned root.root. If you want to build
>>>> as a normal user (and you should!) you should fix the ownership of
>>>> those directories.
>>>
>>> NO. Never do this.
>>
>> Why would that be a problem?
>
> One possibility: suppose someone cracks in as the user that owns those
> directories. They could then install whatever they want in there... and
> the next time you built and installed something, it could carry their
> payload.

That's a good point, but if they get in as root, they can access any
build branch they want to, under any user account.

Keith

--
In theory, theory and practice are the same;
in practice they are not.

This email was sent from my laptop with Centos 5.5