> The Linux kernel should not and really must not be built as root.
> This is neither supported nor recommended nor tested by upstream.
> You may recall there was a kernel build system bug which ran -rf /
> which would be bad if you built as root.
>
> The administrator usually has a normal user account somewhere. Use
> that to build.
Maybe it's just the sysadmin in me, and being used to logging into hundreds of boxes where the only non-root accounts are dedicated to specific apps which have specific reasons to limit their security access (nginx/etc), but the concept that simply compiling a kernel as root is a dangerous operation -- seems twisted. From a system reliability point of view, compiling a kernel should be something I can do on all boxes when needed, and the only account that I can ensure exists on all boxes is root. Still, I guess it makes sense from the perspective of the kernel developers and we're stuck with that, although -- the gloating over 'rm -rf' seems overdone. In any case, if we must go down this road... then the proper solution is to treat the kernel like any other security-sensitive app. Create a new designated user for compiling kernels - call it 'kernel' - and over time we'll grow used to it being on all boxes. We can adjust our automated kernel building scripts to su to the kernel user before issuing make commands/etc, and the makefile can terminate abnormally if it detects it is being run from any other user than 'kernel'.
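As an added illustration of the wrapper described in the post above (example code written here, not the poster's script and not part of the kernel's build system), this sketch refuses to run `make` as root and drops to a dedicated unprivileged build user first. The user name `kernel`, the `KBUILD_USER` variable and the `kbuild` function name are assumptions for the example.

```bash
#!/bin/sh
# Added example: run kernel builds only as a dedicated unprivileged user.
# Assumptions (not from the original post): the build account is named
# "kernel" (override with KBUILD_USER) and the wrapper is invoked as
# ./kbuild.sh -j8 bzImage, with the arguments passed straight to make.

KBUILD_USER="${KBUILD_USER:-kernel}"

# check_build_user EXPECTED ACTUAL
#   0  ACTUAL is the designated build user
#   1  ACTUAL is root (never build the kernel as root)
#   2  ACTUAL is some other account
check_build_user() {
    expected="$1"
    actual="$2"
    if [ "$actual" = "root" ]; then
        echo "refusing to build the kernel as root" >&2
        return 1
    fi
    if [ "$actual" != "$expected" ]; then
        echo "kernel builds must run as '$expected' (current user: '$actual')" >&2
        return 2
    fi
    return 0
}

# kbuild MAKE_ARGS...
# If started as root (the common case on a box where root is the only
# guaranteed login), re-exec this script under the build user with su so the
# privileged shell is never the one that runs make. Otherwise enforce the
# user check and hand off to make.
kbuild() {
    if [ "$(id -un)" = "root" ]; then
        # -s forces a real shell even if the build account is locked to nologin
        exec su -s /bin/sh "$KBUILD_USER" -c "$0 $*"
    fi
    check_build_user "$KBUILD_USER" "$(id -un)" || exit $?
    make "$@"
}

# The same guard can live in the top-level Makefile for the "terminate
# abnormally" behaviour the post proposes, e.g. (GNU make):
#   ifneq ($(shell id -un),kernel)
#   $(error kernel builds must run as user 'kernel')
#   endif
```

The `su -s /bin/sh` form matters in practice: a dedicated build account should have a nologin shell so nobody can interactively log in as it, and `-s` lets the wrapper still drop into it non-interactively. The check is intentionally done on `id -un` rather than `$USER` or `$LOGNAME`, since those environment variables survive `su` and `sudo` in ways that make them unreliable for a security decision.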