Re: [Ltib] Using LTIB without root privileges


From: Christoph Baumann
Subject: Re: [Ltib] Using LTIB without root privileges
Date: Thu, 5 Jul 2012 09:31:40 +0200 (CEST)

Hi Stuart,

----- Original Message -----
> From: "Stuart Hughes" <address@hidden>
> To: "Christoph Baumann" <address@hidden>
> CC: address@hidden
> Sent: Wednesday, 4 July 2012 11:12:34
> Subject: Re: [Ltib] Using LTIB without root privileges
[...]
> I realise that, but I'd suggest that you don't install on any machine
> that is mission critical or sensitive.
> 

I myself don't fear any intruder. But the security auditing guys see the
scenario that someone could compromise the development machine to inject
malicious code into the resulting firmware.


> If you think about it, if your IT policy allows you to run sudo, then
> what LTIB is doing is fine, all it is doing is removing the need to
> enter your user password. If your IT policy does not allow you to run
> sudo (for any command), then you should not be installing LTIB (as it
> needs sudo for rpm installs). BTW LTIB cannot accidentally install
> rpms into your system area, that's what the weird %pfx stuff in the
> .spec files is for.

I hope I can get an exception from that policy, because I need to develop for
the Freescale i.MX28, for which Freescale provides a preconfigured LTIB as BSP.
And I'm not very keen on dissecting this BSP in order to get the MX28
specialities into some other build tool.


> I've been over this many times with many people. The issue is one of
> balancing ultimate security vs usability, there is no right or wrong
> answer. Given that LTIB wants to create an NFS mountable filesystem
> image, at some point it needs to be root to create the files with the
> correct user/permissions.

Sorry, didn't want to bother you. I can understand your point. But as mentioned 
above I need good reasons to demand to be able to "sudo".




Regards,
Christoph


