On 06/09/2011 09:29 AM, Yury V. Zaytsev wrote:
> On Thu, 2011-06-09 at 09:14 -0700, Todd And Margo Chester wrote:
>> Follow up question: if I were to skip the RPM process and just compile
>> the app from the/a tar ball, would that remove your security concerns?
> If you manage to do it properly, then mostly yes. Indeed, the bigger part of
> the issues are caused by running binaries on a system that they were not
> compiled for (be it older or newer).
>
> You can still screw up on many occasions, i.e. install the application
> that was compiled from source into the directory tree that is controlled
> by the package manager.
>
> This actually sometimes happens even when you did everything correctly,
> for instance when there is a bug / hardcoded path somewhere in the build
> system that causes make install to ignore the prefix for some files,
> which is why software is never to be compiled or installed as root.
Thank you.
-T
_______________________________________________
users mailing list
http://lists.repoforge.org/mailman/listinfo/users
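
The failure mode described in the quoted reply, `make install` ignoring the prefix for some files, can be caught before anything touches the real system. The following is an added example, not part of the original thread: it audits a staging tree produced as an ordinary user and lists every file that landed outside the chosen prefix. It assumes the build honours the conventional `DESTDIR` variable; the function names and sample paths are hypothetical.

```shell
#!/bin/sh
# Assumed workflow, run as an ordinary user, never as root:
#   ./configure --prefix="$HOME/opt/app" && make
#   make install DESTDIR="$PWD/stage"
# Audit the staging tree before copying anything onto the real system.

# stray_files STAGE PREFIX
# Print, as real-system paths, every file or symlink that the install
# step placed outside PREFIX inside the staging tree.
stray_files() {
    stage=${1%/}
    prefix=${2%/}
    find "$stage" \( -type f -o -type l \) | while IFS= read -r path; do
        rel=${path#"$stage"}
        case "$rel" in
            "$prefix"/*) ;;                 # honoured the prefix
            *) printf '%s\n' "$rel" ;;      # hardcoded path escaped it
        esac
    done | sort
}

# rpm_owner PATH
# Print the package that owns PATH on the live system, if any. Prints
# nothing when rpm is missing or the path is not owned by a package.
rpm_owner() {
    command -v rpm >/dev/null 2>&1 || return 0
    if owner=$(rpm -qf --queryformat '%{NAME}\n' "$1" 2>/dev/null); then
        printf '%s\n' "$owner"
    fi
}

# audit STAGE PREFIX
# One line per stray file, flagging collisions with package-managed files.
audit() {
    stray_files "$1" "$2" | while IFS= read -r rel; do
        owner=$(rpm_owner "$rel")
        printf '%s\t%s\n' "$rel" "${owner:-not owned by any package}"
    done
}

# make_sample_stage DIR
# Constructed sample tree: one file honours the prefix /home/build/opt/app,
# two were written through hardcoded paths.
make_sample_stage() {
    mkdir -p "$1/home/build/opt/app/bin" "$1/usr/lib" "$1/etc"
    : > "$1/home/build/opt/app/bin/app"
    : > "$1/usr/lib/libapp.so"
    : > "$1/etc/app.conf"
}
```

An empty result from `stray_files` means every staged file sits under the prefix; any output is a file that a root-run `make install` would have written into the system tree.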