On Tue, 2003-08-12 at 08:16, Benjamin J. Weiss wrote:

> On many of the INSTALL and README documents that come with source
> tarballs, they talk about compiling with 'make', then running 'make
> install' as root.  I was scanning some security documents the other day,
> and something just hit me:  Somewhere in those documents they were
> talking about looking for files that had the suid bit set and that were
> owned by root.
> 
> Now, I usually put my source files in /usr/local/src, so that I have one
> place to put them.  And I su to root before I do so, because my normal
> account doesn't have access to that folder.  Which means that I'm
> compiling my sources as root, then installing them.
> 
> Is this a bad security hole?  Do I need to somehow set up a 'compile'
> account that has access to that folder, or just create a folder in /var
> or something?

Running "make install" as root has nothing to do with setting the suid
bit in the resulting binary.  

When the suid bit is set the permissions on a binary look like this...

-r-sr-xr-x    1 root     root       125000 Feb 11 04:43 pwdb_chkpwd

The purpose for running "make install" as root is normally to put
binaries, libraries, etc., into directories where all users can access
them but no user can modify/delete them.

The way you are doing it is OK.  However, if you have other users on
your system it is doubtful they need access to the source.  It is
probably more common for people to put source in say ~/src, run make as
a normal user, then run make install as root.

Ed


-- 
http://www.shorewall.net       Shorewall, for all your firewall needs


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
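
The check mentioned in the question, looking for files that have the suid bit set and are owned by root, sketched as an added example that is not part of the original message. The function names are hypothetical; the owner defaults to root, and the demo uses constructed files owned by the current user so it runs without root.

```shell
#!/bin/sh
# Added example: audit a directory tree for setuid files.
# All function names here are hypothetical helpers, not from the thread.

# suid_files DIR [OWNER]
# Print every regular file under DIR that is owned by OWNER (default: root)
# and has the setuid bit (mode 4000) set.
suid_files() {
    dir=$1
    owner=${2:-root}
    # -xdev keeps the search on one filesystem; -perm -4000 matches setuid
    find "$dir" -xdev -type f -user "$owner" -perm -4000 -print 2>/dev/null
}

# suid_count DIR [OWNER]
# Number of files suid_files would list.
suid_count() {
    suid_files "$1" "${2:-root}" | wc -l | tr -d ' '
}

# has_suid FILE
# Exit status 0 only when FILE exists and its setuid bit is set.
has_suid() {
    [ -u "$1" ]
}

# Constructed demo: two identical scripts, one with the bit set by hand.
# Copying or installing a file does not set the bit; only an explicit
# chmod does, which is why 'plain' never shows up in the listing.
demo() {
    tmp=$(mktemp -d) || return 1
    me=$(id -u)
    printf '#!/bin/sh\n' > "$tmp/plain"
    chmod 755 "$tmp/plain"
    cp "$tmp/plain" "$tmp/marked"
    chmod 4555 "$tmp/marked"
    suid_files "$tmp" "$me" | while read -r f; do
        ls -ld "$f"        # mode column shows the 's' in the owner triplet
    done
    rm -rf "$tmp"
}

demo
```

Run as root, `suid_files /usr/local` lists the root-owned setuid files under that tree, which can be compared before and after a "make install".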
