Post by Goblin
Ah... Big Steel... Always a pleasure and never a chore. I have to
admit, out of all the Microsoft Advocates, you are one I like reading
the most. You are like the Usenet version of Cartman; loud, offensive
and always off target.
THE SINGLE MOST FUNNY DRUNKEN INSANE RANT "HADRON" HAS HITHERTO POSTED
A recent thread "Works for me" has amazed me. A group of COLA
"contributors" have decided that it IS ok to download source, unarchive
it, configure it and compile it under a su (as root) shell. This is
amazing since common sense and best practice in ALL *nix development
arenas I have been in have mandated that the only phase one uses as root
is the install itself.
Of course even thinking about it slightly makes this obvious. Accessing
ANY program as root which accesses the web is daft. Unarchiving as root
means one typo could see that archive wipe your machine. One problem in
the make file could see the file system hosed or something rooted. One
doesn't have to be a genius to see this.
However group luminaries have different opinions. And have laughed at my
reasonings. Some even suggesting I don't know what I'm talking about.
Chris Ahlstrom and Gregory Sheaman (yes he of a "good UI is a waste of a
programmer's time" fame) and to a lesser extent TomB, have dictated that
I don't know what I'm talking about and it's perfectly ok to do all of
this and more in an su shell. Indeed, why bother with sudo at all eh?
So what happens when they make a mistake? Amazingly "that's ok" as they
have backups. Yes folks. They have "backups". So let's fuck up the system
but that's ok - they have backups. Clearly not admins on multiuser
servers then. Not that anyone thought them competent enough in the first
Those not convinced need to look up sudo. Not only that, they need to
look up Debian sudo and see how the sudoers file needs to be edited.
So COLA : it's ok.
Rest of world : It's not ok and is downright foolish.
Some links follow to highlight how clueless Ahlstrom most of all is
(he's there laughing and patting people on the back about all the
crazzeeeee things he does as root). Also keep in mind how that thread
started - I was highlighting how silly it was to do things as root for a
nOOb. It soon degenerated thanks to COLA dicks as to how it was
perfectly ok to do it ALL as root. I am, frankly, astonished as to how
little these guys seem to understand about the Linux security access
methods and how they should be used to maintain a system's
integrity. Their willingness to risk compromising servers (and, as a
result anyone that logs into them) is unnerving to say the least.
| Doing anything as root without a DAMN good reason is a very stupid
| The reason I don't want to compile as root is that frankly I don't trust the code, and I don't really feel like browsing every makefile and every source file to make sure that no harm will be done to my system. Compiling as root has never been considered a safe practice.
| Also, it's completely redundant because the system uses fakeroot. You
| don't need root privs.
| well... it's all about security
| , I'm not sure, but in Linux philosophy, you should NEVER do ANYTHING at
| root, except things you are FORCED to do. So, since you can "configure"
| and "make" at user but need to be root to "make install" you should only
| be root to do make install. I suppose this way, you can avoid bad code,
| evil configure script or things like this.
| Good news is OpenWRT 8.09 got recently released. Bad news is that you
| can’t compile it as root. Yes, compiling as root is bad,
| As a rule of thumb, if it doesn't /have/ to be done as root, then don't
| do it as root. If you aren't running as root then it (intentionally, or
| by accident, or because you made a typo, etc) can't destroy your system
| or install a rootkit.
To summarise : You guys should be ashamed of yourselves saying it's
ok. This is almost as embarrassing for Ahlstrom as him maintaining Peter
was right when he thought he could access a field of a struct in C from
a NULL pointer after boasting about how he crafts world class C code.
-- "Hadron" <email@example.com>
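Added example, not part of the post above: a shell illustration of the rule of thumb the quoted passages state, where unpacking, configure and make are refused under uid 0 and only the install step is left for root, with the archive listing checked before extraction. The function names (unsafe_members, phase_allowed, build_unprivileged) and the conventional ./configure and make layout are assumptions of this example.

```shell
#!/bin/sh
# Added example (constructed): keep unpack/configure/build unprivileged,
# leave only the install step for root. All function names are hypothetical.

# Read a tar member listing on stdin; print members that are absolute
# paths or contain a ".." component (they could land outside the work dir).
unsafe_members() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# phase_allowed PHASE UID -> 0 if PHASE may run under UID, 1 if not,
# 2 for an unknown phase. Only "install" is permitted for uid 0.
phase_allowed() {
    case "$1" in
        unpack|configure|build) [ "$2" -ne 0 ] ;;
        install) return 0 ;;
        *) return 2 ;;
    esac
}

# build_unprivileged TARBALL: list, vet, unpack into a fresh directory,
# then configure and make, all as the invoking (non-root) user.
build_unprivileged() {
    tarball=$1
    uid=$(id -u)
    for phase in unpack configure build; do
        phase_allowed "$phase" "$uid" || {
            echo "refusing to $phase as uid $uid" >&2; return 1; }
    done
    bad=$(tar -tf "$tarball" | unsafe_members)
    if [ -n "$bad" ]; then
        printf 'unsafe archive members:\n%s\n' "$bad" >&2
        return 1
    fi
    work=$(mktemp -d) || return 1
    tar -xf "$tarball" -C "$work" || return 1
    # Assumes the archive unpacks to a single top-level source directory
    # with a conventional ./configure script and Makefile.
    ( cd "$work"/*/ && ./configure && make ) || return 1
    echo "built under $work; install separately, e.g. sudo make install"
}
```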