[users] Request and a bug: gksu

Yury V. Zaytsev yury at shurup.com
Thu Jun 9 18:29:02 CEST 2011

On Thu, 2011-06-09 at 09:14 -0700, Todd And Margo Chester wrote: 
>    Follow up question: if I were to skip the RPM process and just compile
> the app from the/a tar ball, would that remove your security concerns?

If you manage to do it properly, then mostly yes. Indeed, the bigger part of
the issues are caused by running binaries on a system that they were not
compiled for (be it older or newer).

You can still screw up on many occasions, i.e. install the application
that was compiled from source into the directory tree that is controlled
by the package manager. 

This actually sometimes happens even when you did everything correctly,
for instance when there is a bug / hardcoded path somewhere in the build
system that causes make install to ignore the prefix for some files,
which is why software is never to be compiled or installed as root.


Sincerely yours,
Yury V. Zaytsev
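
One way to catch the stray-file case described in the message above, added here as an example and not part of the original post: stage the install as an unprivileged user, then list everything that landed outside the prefix. It assumes the build system honours the conventional `DESTDIR` variable; the function names and the `/home/user/opt/app` prefix are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message).
# Typical use, run as a normal user, never as root:
#   ./configure --prefix="$HOME/opt/app" && make
#   make DESTDIR="$PWD/stage" install
#   escaped_files "$PWD/stage" "$HOME/opt/app"
# Assumption: the build system honours DESTDIR. If it ignores DESTDIR as
# well, the unprivileged install fails with "permission denied" instead of
# silently writing into directories owned by the package manager.

# escaped_files STAGE PREFIX
# Prints, one per line and relative to /, every file or symlink under STAGE
# that is not located below PREFIX. Empty output means the prefix was honoured.
escaped_files() {
    stage=${1%/}
    prefix=${2%/}
    ( cd "$stage" && find . \( -type f -o -type l \) -print ) |
        sed 's|^\.||' |
        awk -v p="$prefix/" 'index($0, p) != 1 { print }' |
        sort
}

# demo: builds a constructed staging tree in which two files ignore the
# prefix (as a hardcoded path in a Makefile would cause) and reports them.
demo() {
    stage=$(mktemp -d) || return 1
    mkdir -p "$stage/home/user/opt/app/bin" \
             "$stage/etc/app" \
             "$stage/usr/share/applications"
    : > "$stage/home/user/opt/app/bin/app"              # inside the prefix
    : > "$stage/etc/app/app.conf"                       # escaped the prefix
    : > "$stage/usr/share/applications/app.desktop"     # escaped the prefix
    escaped_files "$stage" /home/user/opt/app
    rm -rf "$stage"
}
```

Any path it prints is one that a root-run `make install` would have written into the live system, possibly over a file the package manager owns.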
