Changeset 2904 in project for wiki/chicken-setup


Ignore:
Timestamp:
01/23/07 08:53:48 (14 years ago)
Author:
felix winkelmann
Message:

bugfix in tinyclos

File:
1 edited

Legend:

Unmodified
Added
Removed
  • wiki/chicken-setup

    r2798 r2904  
    546546
    547547
     548=== Security
     549
     550When extensions are downloaded and installed one is executing code
     551from potentially compromised systems. This applies also when {{chicken-setup}}
     552executes system tests for required extensions. As the code has been
     553retrieved over the network effectively untrusted code is going to be
     554evaluated. When {{chicken-setup}} is run as ''root'' the whole system
     555is at the mercy of the build instructions (note that this is also
     556the case every time you install software via {{sudo make install}}, so this
     557is not specific to the CHICKEN extension mechanism).
     558
     559Security-conscious users should never run {{chicken-setup}} as root.
     560A simple remedy is to set the environment variable {{CHICKEN_REPOSITORY}},
     561which will transparently place the repository at an arbitrary user-selected
     562location. Alternatively obtain write/execute access to the default location
     563of the repository (usually {{/usr/local/lib/chicken}}) to avoid running
     564as root.
     565
     566
    548567=== Other modes if installation
    549568
Note: See TracChangeset for help on using the changeset viewer.