Rick Moen wrote:
> Nico Kadel-Garcia <nkadel@comcast.net> wrote:
>> Rick Moen wrote:
>
>>> I say this with some trepidation, because it could be seen as a slam
>>> against our Scarlet Chapeau-wearing friends (and I do not so intend,
>>> nor do I engage in distro-bashing generally): There seems to be a
>>> very common misconception among (many) users of RPM-based
>>> distributions, and particularly of Red Hat [Enterprise] Linux, that
>>> one cannot build packages unless one is wielding root-user
>>> authority.
>>
>> Agreed. But there are some security reasons: for example, the
>> behavior of LD_LIBRARY_PATH is different for mere mortal users than
>> it is for root, and it can be worth building as root to make sure
>> you haven't incorporated any dependencies on that variable.
>
> Obligatory mention: LD_LIBRARY_PATH is bad.
> http://www.visi.com/~barr/ldpath.html
>
>> It can also help prevent someone slipping a
>> fascinating library into a local directory, to be compiled by the
>> builder and published as an RPM, and cause people to go nuts
>> figuring out where it came from.
>
> You know, if I have to worry about people slipping in a file into a
> 0700 build directory tree owned by me alone, I've got bigger problems
> than the security of my build system. ;->

Like using NFS home directories?