On 4/23/19 7:10 PM, Ken Moffat via lfs-dev wrote:
In 
https://lore.kernel.org/lkml/CAHk-=wiv2glqkp6jfqyewl1uzgwnwek9fkwp3afzbcu2lv_...@mail.gmail.com/
Linus Torvalds said:

| I absolutely abhor even the concept of building the kernel as root,
| and I think it should be actively disallowed. Our build system is
| good, but it's good as in "clever and complex" rather than necessarily
| good as in "very secure".
|
| So anybody who builds the kernel as root is doing something seriously
| wrong, in my opinion.
|
| That's partly exactly _because_ we have a lot of magical and very
| powerful build rules, and complicated implicit things going on.
|
| For example, our dependencies aren't even about just the files in the
| kernel repository itself, we have clever things like "if the compiler
| has been updated and features or version changes, we'll automatically
| rebuild, because it's part of our clever build system checks".
|
| But that is also part of the reason why I absolutely do *not* want any
| root-building to happen, because our build setup is simply way too
| clever.
|
| If root builds stuff, you'll end up with root-owned generated
| subdirectories or various config files etc, and even if you don't have
| security issues, it can complicate the build later as a regular user.
|
| I've had the build occasionally fail in odd ways, because some
| root-owned file was now no longer removable (usually it's the
| auto-generated header files in the directory, and the root-generated
| and owned directory is now not writable by the developer any more).
| And every time it happens, I shudder.
|
| So all of that simply boils down to "root should not be running those
| complex rules for our config and dependency magic".
|
| At the same time, "make install" obviously needs to be done as root.
|
| All of which is why I opine that "make install" should never build
| anything at all, it should purely be used as a "install previously
| built files".

So, is it time to chown the kernel source in page 8.3 to lfs, su lfs
and then for 'make modules_install' and the cp steps, 'as root, ...'
and finally 'exit' to get back to root without being nested?

We build the entire system in Chapter 6 as root. Building the kernel in the chroot environment of Chapters 6-8 is really building in a sanitized system.

For the initial kernel, I usually do build as root unless I think I
might need to post to lkml for reporting a problem.  But that kernel
source gets thrown away later.  For upgrading a running system I
always manually build as user 'ken', so apart from the aggravation of
chown, su, ... su etc this will not affect what I do.  It's just like,
as in BLFS, encouraging good practice.

In BLFS we assume that the user is building as a non-privileged user for all packages. It's not a giant leap that rebuilding the kernel should not be done as root.

Also, remember the primary target audience of the books. We do want to have a secure system, but adding things that really don't add to the security just makes things more complex for new users.

Oh, and of course I don't run 'make install' for the kernel.

And neither does the book. I don't think I've ever used that.

  -- Bruce
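
The failure mode described in the quoted text (root-owned generated files left in a tree that an unprivileged user later builds in) can be checked before a build starts. The following shell script is an added example, not part of this thread or of the LFS book; the function names and return codes are assumptions.

```shell
#!/bin/sh
# Pre-build ownership check for a kernel source tree (added example).
# Function names and return codes are hypothetical, chosen for illustration.

# List every entry under tree $1 that is NOT owned by numeric uid $2.
foreign_owned() {
    find "$1" ! -user "$2" -print 2>/dev/null
}

# Decide whether uid $2 should start a build in tree $1.
# Returns 0 = ok, 1 = builder is root, 2 = tree has entries owned by another uid.
prebuild_check() {
    tree=$1
    uid=$2
    if [ "$uid" -eq 0 ]; then
        echo "refusing: build as an unprivileged user, install as root" >&2
        return 1
    fi
    leftovers=$(foreign_owned "$tree" "$uid")
    if [ -n "$leftovers" ]; then
        # Typically generated headers or directories left by an earlier root build.
        echo "entries not owned by uid $uid (chown -R them as root first):" >&2
        printf '%s\n' "$leftovers" | head -n 20 >&2
        return 2
    fi
    return 0
}

# When run directly with a source tree as the first argument, check it
# against the invoking user.
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    prebuild_check "$1" "$(id -u)"
fi
```

A return code of 2 means an earlier privileged build left files behind; ownership has to be corrected as root before the unprivileged build is retried.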