This is the mail archive of the mailing list for the GCC project.


Re: [PATCH - ping] Don't unlink /dev/null on darwin (Zack Weinberg)  wrote on 14.02.05 in <>:

> command by hand as root) and it certainly needs autoconf goo.  Right
> now, though, what I want to hear about is not these minor details, but
> rather compelling reasons why we should *not* do this, because I can't
> think of any.

> +  if (geteuid() == 0 || getuid() == 0)
> +    {
> +      fprintf (stderr, "%s: do not run as root\n", argv[0]);
> +      return FATAL_EXIT_CODE;
> +    }
> +
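
Review bot: the `geteuid() == 0 || getuid() == 0` test calls both functions unconditionally, so hosts that lack them will fail to build unless the block is wrapped in a configure-time guard. The test also rejects a process whose real uid is 0 but whose effective uid is not, so a short comment above the `if` should say whether refusing that case is intended. The "do not run as root" message could also state the reason for the refusal, so the user knows what to do next.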

Well, not without an option --i-know-what-i-m-doing-compile-as-root.

I've used this several times in disaster recovery situations, quickly  
hacking together a program to help with filesystem recovery. The last  
time, for example, there were (1) a program to scan for read errors, then  
try to overwrite the bad block; and (2) a program to read and write again  
a range of blocks, to avoid read errors. (I think I didn't actually write  
the copy-partition-with-read-errors one.)

In those situations, you really don't want to deal with using a non-root  
user just for compiling.

On the other hand, I certainly agree that outside such rather exotic  
situations, you shouldn't run a program as root that hasn't been audited  
for that.

MfG Kai
