This is a discussion on Monitoring make within the Linux Security forums, part of the System Security and Security Related category.

I am concerned about compiling software on my system. Since many make
files require root for the install, I would like to watch the files
that make, configure, src rpms, or any install script modifies or
creates. Are there any other security concerns regarding compiling
and installing software and is there any software to monitor these
processes?

Thanks,
ThazKool

ThazKool wrote:
> I am concerned about compiling software on my system. Since many make
> files require root for the install, I would like to watch the files
> that make, configure, src rpms, or any install script modifies or
> creates. Are there any other security concerns regarding compiling
> and installing software and is there any software to monitor these
> processes?
>
> Thanks,
> ThazKool

Well, first and foremost, you have the makefile, and the source. Read
every line of it all to see what it does, if you don't trust the
software you are making.

You will note that just doing make puts copious output to the screen.
Save it all in a file, if you wish to review it.

make 2>&1 |tee makelog

will save all the information, including errors, to the file makelog in
the directory in which you run make.

Similarly with make install. Of course, if there is damage to be done,
it is likely done at that point.

I guess my non-expert advice would be, if you don't think you can trust
the code, don't make it and for heaven's sake don't install it as root.
Stick to code from reputable sources (established project on sourceforge
and such). Check the md5 sums.

And unless you are dealing with something really in the knickers of system

configure --prefix=/home/yourloginname/relevantsoftwarename

will end up doing the installation in your home directory and not
require root.

Cheers.

On 06.05.2005, Timothy J. Bogart <tbogart@frii.net> wrote:
> ThazKool wrote:
>> I am concerned about compiling software on my system. Since many make
>> files require root for the install, I would like to watch the files
>> that make, configure, src rpms, or any install script modifies or
>> creates. Are there any other security concerns regarding compiling
>> and installing software and is there any software to monitor these
>> processes?
> Well, first and foremost, you have the makefile, and the source. Read
> every line of it all to see what it does, if you don't trust the
> software you are making.
>
> You will note that just doing make puts copious output to the screen.
> Save it all in a file, if you wish to review it.
>
> make 2>&1 |tee makelog
>
> will save all the information, including errors, to the file makelog in
> the directory in which you run make.
>
> Similarly with make install. Of course, if there is damage to be done,
> it is likely done at that point.

Then why not use the -n flag? When I build a Slackware package, the last
thing before `make install' is to check whether the makefile recognizes
the DESTDIR variable:
`make -n install DESTDIR=/bleble | less -S'

One might use checkinstall as well. Checkinstall monitors which files
are going to be changed and saves them in a safe place. The result will be
two packages (*.deb, RPM or *.tgz, depending on configuration): one with
the program, one with the original versions of the modified files.

-- 
Feel free to correct my English
Stanislaw Klekot

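An added example, not part of the original thread: once an install has been staged into a DESTDIR as an unprivileged user, as the post above suggests, this shell function lists what the install would create or overwrite on the live system and flags setuid/setgid files. The function name `audit_staged_install`, the `stage` directory and the status labels are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not from the thread. audit_staged_install is a hypothetical helper.
# Typical use, as a normal user, before anything is run as root:
#   make install DESTDIR="$PWD/stage" 2>&1 | tee installlog
#   sh audit.sh "$PWD/stage" /
#
# audit_staged_install STAGE [ROOT]
# Prints one line per staged file or symlink:
#   NEW        file does not exist under ROOT yet
#   SAME       identical file is already present under ROOT
#   OVERWRITE  a different file under ROOT would be replaced
# A trailing "SETID" marks files staged with the setuid or setgid bit.
# Assumes file names contain no newlines.
audit_staged_install() {
    stage=${1%/}
    root=${2:-/}
    root=${root%/}
    [ -d "$stage" ] || { echo "no such staging dir: $stage" >&2; return 2; }
    find "$stage" \( -type f -o -type l \) | sort | while IFS= read -r staged; do
        rel=${staged#"$stage"}          # path as it would appear on the live system
        live=$root$rel
        if [ ! -e "$live" ] && [ ! -L "$live" ]; then
            status=NEW
        elif cmp -s "$staged" "$live"; then
            status=SAME
        else
            status=OVERWRITE
        fi
        flag=
        if [ -f "$staged" ] && [ ! -L "$staged" ]; then
            if [ -u "$staged" ] || [ -g "$staged" ]; then flag=' SETID'; fi
        fi
        printf '%s %s%s\n' "$status" "$rel" "$flag"
    done
}

# Run directly when arguments are given: sh audit.sh STAGE [ROOT]
if [ "$#" -gt 0 ]; then
    audit_staged_install "$@"
fi
```

Files written outside the staging directory never appear in this listing, so a makefile that ignores DESTDIR still has to be caught with the `make -n install` check first.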
Stachu 'Dozzie' K. wrote:
> On 06.05.2005, Timothy J. Bogart <tbogart@frii.net> wrote:
>>ThazKool wrote:
>>>I am concerned about compiling software on my system. Since many make
>>>files require root for the install, I would like to watch the files
>>>that make, configure, src rpms, or any install script modifies or
>>>creates. Are there any other security concerns regarding compiling
>>>and installing software and is there any software to monitor these
>>>processes?
>
>>Well, first and foremost, you have the makefile, and the source. Read
>>every line of it all to see what it does, if you don't trust the
>>software you are making.
>>
>>You will note that just doing make puts copious output to the screen.
>>Save it all in a file, if you wish to review it.
>>
>>make 2>&1 |tee makelog
>>
>>will save all the information, including errors, to the file makelog in
>>the directory in which you run make.
>>
>>Similarly with make install. Of course, if there is damage to be done,
>>it is likely done at that point.
>
> Then why not use the -n flag? When I build a Slackware package, the last
> thing before `make install' is to check whether the makefile recognizes
> the DESTDIR variable: `make -n install DESTDIR=/bleble | less -S'

Oops, good catch. Forgot that one.

>
> One might use checkinstall as well. Checkinstall monitors which files
> are going to be changed and saves them in a safe place. The result will be
> two packages (*.deb, RPM or *.tgz, depending on configuration): one with
> the program, one with the original versions of the modified files.
>