From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1OuWo6-0000vd-0b for garchives@archives.gentoo.org; Sat, 11 Sep 2010 20:36:18 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 06BB0E0A69; Sat, 11 Sep 2010 20:36:02 +0000 (UTC) Received: from mail-gx0-f181.google.com (mail-gx0-f181.google.com [209.85.161.181]) by pigeon.gentoo.org (Postfix) with ESMTP id D826BE0A69 for ; Sat, 11 Sep 2010 20:36:01 +0000 (UTC) Received: by gxk1 with SMTP id 1so2223351gxk.40 for ; Sat, 11 Sep 2010 13:36:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=Ke9iwWtTd3HcX604AM5vDRDXly+HhI9ax1YBF5+sjdU=; b=KiS60Vdz3y2zCBRNkIBGBbup5nmriPmI9nIDSZBtWcNzJ1/GIt4GOWLN8ZM366q/AY bPpyC63ELycLuhgXhgi/ewIG3yKUOCiRlXrAWTgpUYIredHr7ioChkDWgTCIVYWti0HQ auC2X79wRLDjalViQIbzEHcGh0d7ioDfcAjPE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=nYMVS0illa1pWGR+nD2pLFaA4POlF1+S0LJ9o83XRTg7jj/ugJWvlOuZj3/qpM7F3y ucacd4ZGbyDIal9Pa9Uir87yyzYtrL/2a/m4+VxxpxRjNIXJvG6bvcVr+8rtrt9JyO4J IfSduR4EPuuyNwKWmMJTt9rdIFo7HueY1CYvo= Received: by 10.151.150.20 with SMTP id c20mr1186378ybo.303.1284237361466; Sat, 11 Sep 2010 13:36:01 -0700 (PDT) Received: from [192.168.1.2] (adsl-0-94-87.jan.bellsouth.net [65.0.94.87]) by mx.google.com with ESMTPS id q21sm1264546ybk.3.2010.09.11.13.35.59 (version=SSLv3 cipher=RC4-MD5); Sat, 11 Sep 2010 13:36:00 -0700 (PDT) Message-ID: <4C8BE82E.6020500@gmail.com> Date: Sat, 11 Sep 2010 15:35:58 -0500 From: Dale User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.12) Gecko/20100909 Gentoo/2.0.7 SeaMonkey/2.0.7 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] sudo in kernel config ? References: <201009111024.31634.stephane@22decembre.eu> <1284198419.2992.20.camel@paska> <201009112218.05042.alan.mckinnon@gmail.com> In-Reply-To: <201009112218.05042.alan.mckinnon@gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 83b04498-6f6b-4ee0-b48a-f2ef131c25c6 X-Archives-Hash: 698a2cc0e0e1ab3bfd224b5b3af33e55 Alan McKinnon wrote: > Apparently, though unproven, at 11:46 on Saturday 11 September 2010, Al= bert > Hopkins did opine thusly: > > =20 >> On Sat, 2010-09-11 at 10:24 +0200, St=C3=A9phane Guedon wrote: >> =20 >>> few months ago, I read linux kernel in a nutschell(sic), and the auth= or >>> wrote we shouldn't do kernel operations (config and build) as root. >>> =20 >> I call bullsh*t. I've been compiling kernels for 17 years and for the >> most part have done it as root without any problems. >> =20 > Same here. > > The root user (sometimes portage) creates /usr/src/linux-* > > Someone tell me again exactly how user alan is supposed to build those > sources? > > =20 If they are accessible by a user, couldn't a user then edit or add=20 something that would then cause a security problem? If they can edit=20 them and no one know it, then root comes along and builds a shiney new=20 kernel with a really nice security hole. Glad only root can get to the sources. ;-) Dale :-) :-)