Re: [Ltib] Using LTIB without root privileges

[Jehan Bing]

On 2012-07-06 01:22, Stuart Hughes wrote:
> What are the real risk you talk about? There are no significant risks
> that I can see. Risk is commonly defined as:
>
> probability of event occurrence  X consequences of the event occurring.
>
> So:
>
>   * 10% probability resulting in death in not acceptable
>   * 10% risk of missing lunch is probably acceptable to most people
>   * 0.001 % risk of losing a non-critical file is probably acceptable
>
> So far since I started the project I don't think anyone has ever
> reported an actual problem that occurred due to LTIB having sudo
> access.  I'm not saying it could not happen, but believe the risk and
> consequences to be very low.
>
> The point is that things need to be kept in proportion.  As I said
> before, what could happen? bear in mind any of your work should be
> checked into an SCM and you machine backed up.  If you (or your ID
> department) are not doing this, then they are taking unnecessary risks.

The risk I'm talking about is that a developer takes control over the 
machine. And if he takes control over that machine, he could take 
control of the whole network which turn could give him access to a bunch 
of thing he shouldn't, like the HR servers and all theirs employees 
data, including social security number, or the database servers for the 
online store and all its credit card numbers, ...
Backups and SCM won't protect your against such a scenario.

And yes, this is a catastrophic scenario, very unlikely to happen. But 
it can happen, it's easy to find similar stories on the web.

And yes, there are various work-arounds, like using a non-IT PC. But 
what I wanted to say is that one of those work-arounds is to have LTIB 
not need sudo. And the best is to have both.


> Sudo is needed so that you correctly populate an NFS mountable root
> filesystem.   You, may not use NFS for development but many people do,
> it's the most efficient way to develop, time-wise.

I'm not denying that other people needs NFS and sudo access. I was only 
saying that those people are not your only users and was giving our 
group as an example.

And to be completely honest, we do use NFS, but not on a root filesystem 
but on a small partition to mount on our test devices so we can test a 
new app without having to build and flash a new firmware each time. And 
it was setup once by the IT team and the developers can use it without 
requiring root access.


> If this is a real problem for you then either use a different
> builder/project, or provide a solution to the mailing list.

Indeed, we could use something else. And I never wanted to say that LTIB 
had to stop using sudo "or else...".
I just saw Christoph's email offering such a solution, and you refusing 
it based on reasons that didn't seem valid to me and showed a limited 
view of your user base. So I was just asking for some clarifications as 
well as giving you my opinion and personal experience.

You're free to take my opinion in or ignoring it. I'm in no place to 
force you to do anything.


> As I said
> before if you are doing this type of development at some time you'll
> need sudo, regardless of LTIB.

And I'm telling you that it is not necessary and gave myself as an 
example. But again it's your right to just ignore me.

Cheers,
        Jehan