Recently, I have again bumped into the question whether one
should compile the kernel as root. One of the things that puzzles
me is why almost every HowTo, blog post and book recommends
building as non-root -- yet basically no distribution /helps/ the
user with doing that.
I've discussed this with a few people on #gentoo-dev and they've
provided valuable insight (thanks AxS, Chainsaw and WilliamH), so
I have gathered the results so far here:
> Recently, I have again bumped into the question whether one
> should compile the kernel as root. One of the things that puzzles
> me is why almost every HowTo, blog post and book recommends
> building as non-root -- yet basically no distribution /helps/ the
> user with doing that.
>
> I've discussed this with a few people on #gentoo-dev and they've
> provided valuable insight (thanks AxS, Chainsaw and WilliamH), so
> I have gathered the results so far here:
>
> http://blog.i-no.de/archives/2012/07/index.html#e2012-07-04T19_28_32.txt
>
> Feel free to comment (ideally here). Note that I'm aiming for a
> solution that is not (overly) Gentoo-specific.
There's a very simple yet custom solution I'm using. Shortly saying:
checkout the kernel git to /usr/src/linux and chown to your user. As
far as it goes, it's superior to having kernel sources installed by
ebuilds.
I just have to remember to do 'git fetch' from time to time and 'git
merge' whenever a new version is tagged.
--
Best regards,
Michał Górny
07-04-2012, 06:06 PM
Tobias Klausmann
Kernel compiles and you
Hi!
On Wed, 04 Jul 2012, Michał Górny wrote:
> There's a very simple yet custom solution I'm using. Shortly saying:
> checkout the kernel git to /usr/src/linux and chown to your user. As
> far as it goes, it's superior to having kernel sources installed by
> ebuilds.
>
> I just have to remember to do 'git fetch' from time to time and 'git
> merge' whenever a new version is tagged.
It is also beyond the package manager's control. That means users
who want to just configure their kernel (and run point releases
otherwise) have to actively check for new tags/versions.
Aside from that the git tree is not exactly lightweight: my
current 2.6 checkout weighs in at 1.4G whereas the unpacked tar
is 512M.
I'll amend the blog post, though.
Regards,
Tobias
--
Sent from aboard the Culture ship
GSV Just Read The Instructions
07-04-2012, 06:20 PM
"Rick "Zero_Chaos" Farina"
Kernel compiles and you
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/04/2012 01:58 PM, Michał Górny wrote:
> On Wed, 4 Jul 2012 19:46:47 +0200
> Tobias Klausmann <klausman@gentoo.org> wrote:
>
>> Recently, I have again bumped into the question whether one
>> should compile the kernel as root. One of the things that puzzles
>> me is why almost every HowTo, blog post and book recommends
>> building as non-root -- yet basically no distribution /helps/ the
>> user with doing that.
>>
>> I've discussed this with a few people on #gentoo-dev and they've
>> provided valuable insight (thanks AxS, Chainsaw and WilliamH), so
>> I have gathered the results so far here:
>>
>> http://blog.i-no.de/archives/2012/07/index.html#e2012-07-04T19_28_32.txt
>>
>> Feel free to comment (ideally here). Note that I'm aiming for a
>> solution that is not (overly) Gentoo-specific.
>
> There's a very simple yet custom solution I'm using. Shortly saying:
> checkout the kernel git to /usr/src/linux and chown to your user. As
> far as it goes, it's superior to having kernel sources installed by
> ebuilds.
>
> I just have to remember to do 'git fetch' from time to time and 'git
> merge' whenever a new version is tagged.
>
Honestly I'm not certain if there is an easy way to do this....
Obvious easy way, make the ebuilds install the kernel sources and chown
root.users then chmod g+w. Of course, after this any user could trojan
the kernel...
We could allow writes in the directories but not to the kernel source
files themselves... that seems moderately sane even as the source files
don't need to be written to be compiled, only the dir's need write
permissions...
Thoughts?
- -Zero
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
On Wed, Jul 04, 2012 at 02:20:36PM -0400, Rick "Zero_Chaos" Farina wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/04/2012 01:58 PM, Michał Górny wrote:
> > On Wed, 4 Jul 2012 19:46:47 +0200
> > Tobias Klausmann <klausman@gentoo.org> wrote:
> >
> >> Recently, I have again bumped into the question whether one
> >> should compile the kernel as root. One of the things that puzzles
> >> me is why almost every HowTo, blog post and book recommends
> >> building as non-root -- yet basically no distribution /helps/ the
> >> user with doing that.
> >>
> >> I've discussed this with a few people on #gentoo-dev and they've
> >> provided valuable insight (thanks AxS, Chainsaw and WilliamH), so
> >> I have gathered the results so far here:
> >>
> >> http://blog.i-no.de/archives/2012/07/index.html#e2012-07-04T19_28_32.txt
> >>
> >> Feel free to comment (ideally here). Note that I'm aiming for a
> >> solution that is not (overly) Gentoo-specific.
> >
> > There's a very simple yet custom solution I'm using. Shortly saying:
> > checkout the kernel git to /usr/src/linux and chown to your user. As
> > far as it goes, it's superior to having kernel sources installed by
> > ebuilds.
> >
> > I just have to remember to do 'git fetch' from time to time and 'git
> > merge' whenever a new version is tagged.
> >
>
> Honestly I'm not certain if there is an easy way to do this....
>
> Obvious easy way, make the ebuilds install the kernel sources and chown
> root.users then chmod g+w. Of course, after this any user could trojan
> the kernel...
There is no need to chown or chmod anything. /usr/src/linux* is always
world readable.
> We could allow writes in the directories but not to the kernel source
> files themselves... that seems moderately sane even as the source files
> don't need to be written to be compiled, only the dir's need write
> permissions...
Actually the directories do not need write permissions either. Take a
look at the O= option documented in /usr/src/linux/README.
William
07-04-2012, 07:07 PM
Michael Weber
Kernel compiles and you
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 07/04/2012 08:56 PM, William Hubbs wrote:
> On Wed, Jul 04, 2012 at 02:20:36PM -0400, Rick "Zero_Chaos" Farina
> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> On 07/04/2012 01:58 PM, Michał Górny wrote:
>> We could allow writes in the directories but not to the kernel
>> source files themselves... that seems moderately sane even as the
>> source files don't need to be written to be compiled, only the
>> dir's need write permissions...
>
> Actually the directories do not need write permissions either. Take
> a look at the O= option documented in /usr/src/linux/README.
>
> William
>
Um, well, users can then write the the compiled files (.o in the tree).
You can also set `chmod -R g+w /` and gave everyone full access.
I think running kernels from non-root checkouts is a pretty big
security hole.
Michael
- --
Gentoo Dev
http://xmw.de/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
Michael Weber wrote:
> I think running kernels from non-root checkouts is a pretty big
> security hole.
Suggest think again.
The Linux kernel should not and really must not be built as root.
This is neither supported nor recommended nor tested by upstream.
You may recall there was a kernel build system bug which ran -rf /
which would be bad if you built as root.
The administrator usually has a normal user account somewhere. Use
that to build.
-sources ebuilds installing 755 root:root to /usr/src/linux is fine,
but best avoid building in-tree in that case.
> Hi!
>
> On Wed, 04 Jul 2012, Michał Górny wrote:
> > There's a very simple yet custom solution I'm using. Shortly saying:
> > checkout the kernel git to /usr/src/linux and chown to your user. As
> > far as it goes, it's superior to having kernel sources installed by
> > ebuilds.
> >
> > I just have to remember to do 'git fetch' from time to time and 'git
> > merge' whenever a new version is tagged.
>
> It is also beyond the package manager's control. That means users
> who want to just configure their kernel (and run point releases
> otherwise) have to actively check for new tags/versions.
True. I think that's the direction I should look into improving.
> Aside from that the git tree is not exactly lightweight: my
> current 2.6 checkout weighs in at 1.4G whereas the unpacked tar
> is 512M.
Well, that's the other problem. On the other hand, you usually have to
have that 1G free anyway unless you intend to manually unmerge
the previous *-sources before installing the new one. And the time
needed to do that... git is so much faster.
--
Best regards,
Michał Górny
07-04-2012, 11:35 PM
Greg KH
Kernel compiles and you
On Wed, Jul 04, 2012 at 07:46:47PM +0200, Tobias Klausmann wrote:
> Hi!
>
> Recently, I have again bumped into the question whether one
> should compile the kernel as root. One of the things that puzzles
> me is why almost every HowTo, blog post and book recommends
> building as non-root -- yet basically no distribution /helps/ the
> user with doing that.
Most distros don't have to do anything, they are not requiring users to
build their own kernels
So in reality, they all do help their users with this, it's trivial to
build a kernel as a user on those distros. Actually, it is also on
Gentoo, there's no need to ever put a kernel anywhere except in your
home directory when building it.
Oh, and one more reason you "never want to build your kernel as root", a
few years ago, the kernel build process had a bug where it accidentally
tried to do a 'rm -rf /*' on your filesystem. None of the kernel
developers ever noticed that as they didn't build a kernel as root, and
the bug stuck around for a relativly long time (weeks at least.) There
was also some semi-serious talk about leaving it in the build as well,
just to "catch" people who were doing this, but sanity prevailed and it
was fixed. But, you never know if that old bug might slip back in one
day
good luck,
greg k-h
07-04-2012, 11:49 PM
Maxim Kammerer
Kernel compiles and you
On Wed, Jul 4, 2012 at 9:56 PM, William Hubbs <williamh@gentoo.org> wrote:
> Actually the directories do not need write permissions either. Take a
> look at the O= option documented in /usr/src/linux/README.
The KBUILD_OUTPUT / O= option seems like the best solution to me
(especially so as I build three kernel images from a single sources
tree), and it works well, except that it sometimes doesn't with
especially monstrous and hard to configure packages such as
virtualbox-guest-additions — see bug #424816.
Kernel compiles and you
