mån 2007-07-30 klockan 16:51 +0300 skrev Gilboa Davara:
I second the above.
Running HTTP/FTP client as root is -not- a god idea.
Even if HTTP is being pushed to an external plugin that's built around
wget, this plug must be executed as user/guest and not as root.
Yes, the principle of least privilege does apply here.
Though, I would worry more about the fact that rpm -ivh http://...
doesn't verify any signatures. It's a good idea to:
wget http://...
rpm -K foo.rpm
Look at the result, and then maybe:
rpm -i foo.rpm
(rpm -K && rpm -i won't do, since it'll say OK for unsigned packages,
IIRC)
Or, even:
wget http://...
yum localinstall foo.rpm
Which, in turn, might be possible to simplify?
/abo