Okay, this may be a stupid question, but I got to thinking... On many of the INSTALL and README documents that come with source tarballs, they talk about compiling with 'make', then running 'make install' as root. I was scanning some security documents the other day, and something just hit me: Somewhere in those documents they were talking about looking for files that had the suid bit set and that were owned by root.
Now, I usually put my source files in /usr/local/src, so that I have one place to put them. And I su to root before I do so, because my normal account doesn't have access to that folder. Which means that I'm compiling my sources as root, then installing them. Is this a bad security hole? Do I need to somehow set up a 'compile' account that has access to that folder, or just create a folder in /var or something? Thanks! Ben -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
