[gpm]Re: gpm 1.19.4 X Raw Hide version
Preston Brown
pbrown@redhat.com
Wed, 9 Jan 2002 09:35:37 -0500 (EST)
On Wed, 9 Jan 2002, Nico Schottelius wrote:
>
> sorry for the late reply!
>
> > > > > About gpm-1.19.3-root.patch:
> > > > >
> > > > > - $(INSTALL_PROGRAM) -o root -m 755 disable-paste $(bindir)/disable-paste
> > > > > + $(INSTALL_PROGRAM) disable-paste $(bindir)/disable-paste
> > > > >
> > > > > I think Red Hat removed -o root -m 755 because it's the
> > > > > default.
> > > >
> > > > Mainly because we don't build RPMs as a root user for security concerns
> > > > (everything should be buildable as non-root), and this breaks that.
> > >
> > > Do you use install as a non-root user? That's interesting.
> > > I would have problems if I do that.
> >
> > Build, not install.
>
> what's your definition of build?
> ./configure && make ?
> or make install ?

Both.

When we create packages, we do so in a sandbox environment of sorts,
running as a non-root user, etc. Any privileged files we need to create
in an RPM archive (SUID bits, file ownership, etc) are _explicitly_
spelled out in the RPM .spec file itself. This limits potential
security oversights and mistakes.

So the "make install" portion of building gpm (and all other RPMs in the
system, over 1000) does not actually install to the real filesystem, but
to a temporary one (i.e. not /usr/bin but maybe /var/tmp/gpm-root/usr/bin).

--
Preston Brown
Director, Linux Development
Red Hat, Inc.
pbrown@redhat.com
+1 919 547 0012 x280
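
The staged, non-root install described in the message above, as an added example that is not part of the original thread or of Red Hat's build tooling: it installs into a temporary root without `-o`/`-g` and reports any setuid/setgid file that is not named in an explicit list. The one-path-per-line list is a simplified stand-in for the declarations in a spec file, and `example-helper` is a hypothetical file; `disable-paste` is the only name taken from the thread.

```shell
#!/bin/sh
# Added example; sample files and the manifest format are constructed.

# stage_install ROOT
# Mimics a packaging "make install" into a temporary root. No -o/-g flags
# are used, so it works for an unprivileged build user.
stage_install() {
    root=$1
    mkdir -p "$root/usr/bin" "$root/src"
    printf '#!/bin/sh\nexit 0\n' > "$root/src/prog"
    install -m 755 "$root/src/prog" "$root/usr/bin/disable-paste"
    # Hypothetical helper that a careless Makefile marks setuid.
    install -m 4755 "$root/src/prog" "$root/usr/bin/example-helper"
    rm -r "$root/src"
}

# audit_buildroot ROOT MANIFEST
# Prints every setuid/setgid regular file under ROOT (path relative to ROOT)
# that is not listed, one path per line, in MANIFEST.
audit_buildroot() {
    root=$1 manifest=$2
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) | sort |
    while IFS= read -r f; do
        rel=${f#"$root"}
        grep -qxF "$rel" "$manifest" || printf '%s\n' "$rel"
    done
}

# Demonstration: an empty manifest means nothing privileged was declared,
# so the setuid helper is reported.
demo_root=$(mktemp -d)
stage_install "$demo_root"
: > "$demo_root.declared"
echo "undeclared privileged files:"
audit_buildroot "$demo_root" "$demo_root.declared"
rm -rf "$demo_root" "$demo_root.declared"
```
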