About your mplayerplug-in article

Rui Miguel Seabra rms at 1407.org
Mon Jan 5 09:55:37 UTC 2004


Hi,

  The article is so bad from the point of minimal security precautions
that it is a scandal to advise users to do all those things with the
user root.

  It starts from switching to user root (with ABSOLUTELY no need to do
so until the very act of installing with rpm -ivh ...) and invites
users to do actions that SHOULD NOT be done with the root user, like
running applications which fetch foreign uncontrollable data from the
net and even worse: compiling as root (SHUDDER).

  If you continue fomenting a trend of using the user root for
everything, very soon many GNU/Linux users will use the system with
root, suffering security problems that would leave Windows 95 looking like
a most secure OS.

Let's start at the beginning:

DON'T SWITCH TO root, and please notice that in an ideal situation you
SHOULD use another user than yours to compile software...

Be perfectly happy with your normal user account:

[jdoe@house jdoe]$ mkdir cvs
[jdoe@house jdoe]$ cd cvs
[jdoe@house jdoe]$ export CVSROOT=:pserver:anonymous@cvs.sourceforge.net:/cvsroot/mplayerplug-in
[jdoe@house jdoe]$ cvs login
[jdoe@house jdoe]$ cvs -z3 co mplayerplug-in
[jdoe@house jdoe]$ cd mplayerplug-in
[jdoe@house jdoe]$ ./configure
[jdoe@house jdoe]$ make dist
[jdoe@house jdoe]$ mv mplayerplug-in-*gz /tmp
[jdoe@house jdoe]$ cd ~/
[jdoe@house jdoe]$ mkdir -p redhat/{RPMS/{i386,noarch,i686},SRPMS,SPECS,SOURCES,BUILD}
[jdoe@house jdoe]$ echo '%_topdir /home/jdoe/redhat' >> ~/.rpmmacros
[jdoe@house jdoe]$ rpmbuild -ta /tmp/mplayerplug-in-....gz
[jdoe@house jdoe]$ su -
[root@house root]# rpm -Uvh /home/jdoe/redhat/RPMS/i386/mplayerplug-in-1.0-1.fc1.i386.rpm

PLEASE DO BE more careful with your advice in the future; what you just
advised is tantamount to giving a 4 year old a loaded gun to play with.

Regards, Rui

-- 
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

Please AVOID sending me WORD, EXCEL or POWERPOINT attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html