> The Linux kernel should not and really must not be built as root.
> This is neither supported nor recommended nor tested by upstream.
> You may recall there was a kernel build system bug which ran -rf /
> which would be bad if you built as root.
>
> The administrator usually has a normal user account somewhere. Use
> that to build.
>

Maybe it's just the sysadmin in me, and being used to logging into
hundreds of boxes where the only non-root accounts are dedicated to
specific apps which have specific reasons to limit their security
access (nginx/etc), but the concept that simply compiling a kernel as
root is a dangerous operation seems twisted.  From a system
reliability point of view, compiling a kernel should be something I
can do on all boxes when and if needed, and the only account that I can
ensure exists on all boxes is root.

Still, I guess it makes sense from the perspective of the kernel
developers and we're stuck with that, although -- the gloating over
'rm -rf' seems overdone.

In any case, if we must go down this road... then the proper solution is
to treat the kernel like any other security sensitive app.  Create a
new designated user for compiling kernels - call it 'kernel' and over
time we'll grow used to it being on all boxes.  We can adjust our
automated kernel building scripts to su to the kernel user before
issuing make commands/etc and the makefile can terminate abnormally if
it detects it is being run from any other user than 'kernel'.
