0

Is there a security difference between doing

sudo make install

versus two step

sudo su

and then typing

make install

The reason I'm asking is because a security requirement to install some software says you must type exactly 'make install' (not sudo make install) - presumably for some permission reasons.

However, the 'make install' requires writing to root directories apparently so the only way to get it to install would be to first enter the 'sudo su' terminal, then to type 'make install' - is there any security difference in terms of permissions, root,user,group read-write permissions or anything like that between these two methods of installing?

user1709076
  • 149
  • 7

1 Answers1

0

From a practical security standpoint, I do not see a difference. In either case, you are running the command with root privileges, and any malicious code in the repository could take over the system in either case. There's not much else to it.

Perhaps this is a policy interpretation, or maybe the requirement is not security related at all (still not sure why it would make a difference).

multithr3at3d
  • 12,355
  • 3
  • 29
  • 42
  • There is a minor auditing difference. ‘sudo make’ is recorded as running make with sudo. ‘sudo su -> make’ is recorded as running su with sudo. – LvB Oct 16 '20 at 11:02
  • @LvB true, I think that would make `sudo make` the more desirable option for auditing, but the other command is preferred in OP's scenario. – multithr3at3d Oct 16 '20 at 21:34