what userid do you update system sources under?

grarpamp grarpamp at gmail.com
Wed Sep 29 07:57:00 UTC 2021


> I was wondering if there was something
> intrinsically unsafe in using git as the superuser. I mean if a
> daemon/process makes a socket call outbound, it's usually as the uid/gid
> of the daemon, the least privileges to get the work done.
> Maybe my concerns are without foundation in this particular case?
> or if it was something to be worried about there'd be a warning or some such in the handbook.


Wire protocols... such as git, rsync, ssh, https, etc...
the client interprets what the server sends,
so exploits can and do happen that way.
Remote servers should be considered untrusted.
TLS pubkeys should be verified and pinned.
Those binaries always full of bugs/sploits themselves.
Source code should be considered suspect.
The closed source CPU and NIC hardware
considered owned by dark enemies and spies.
Etc.

There are lots of reasons to never use uid 0.
Ask why use 0, try finding other ways first.

Excepting a few files and dirs, you could
chown -Rh 65000:65000 /
chmod -Rh -s,ugo-w /
mount up the homedirs and the system and
users would run just fine.

As far as storing and compiling src files,
stored by 0 compiled by 60002
provides the same isolation from 60002 as
stored by 60001 compiled by 60002.

The world should be compiled by !=0.
Even making images could avoid 0.
Only install needs 0.

It's fairly common to use other UID or read-only mounts
to keep from accidentally munging sources, etc.

Security is a continuum, from powered down and
unusable, to wide open to the world and exploited.

Those who start learning by trying crazy things
like the ch* above, seeing and fixing what breaks,
usually better off than depending on some handbooks
to teach them everything.

Have fun :)
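
Added example, not part of the original post: a preflight check for the "stored by 60001, compiled by 60002" arrangement described above, refusing uid 0 and flagging anything in the tree the build uid could write to. The function names and the /usr/src path in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example, not from the post. uids 60001/60002 are the post's;
# function names and /usr/src are assumptions.

# check_uids FETCH_UID BUILD_UID: neither may be 0, and they must differ.
check_uids() {
    for u in "$1" "$2"; do
        case "$u" in
            ''|*[!0-9]*) echo "uid must be numeric: '$u'" >&2; return 2 ;;
        esac
    done
    [ "$1" -ne 0 ] || { echo "fetch uid is 0" >&2; return 1; }
    [ "$2" -ne 0 ] || { echo "build uid is 0" >&2; return 1; }
    [ "$1" -ne "$2" ] || { echo "fetch and build uid are equal" >&2; return 1; }
}

# tree_violations DIR OWNER_UID: print every path under DIR that is not
# owned by OWNER_UID, or is group/other-writable, or is setuid/setgid.
# Symlinks are checked for ownership only, since their own mode bits do
# not control access to the target.
tree_violations() {
    find "$1" \( ! -user "$2" -o \
        \( ! -type l \( -perm -0020 -o -perm -0002 \
                        -o -perm -4000 -o -perm -2000 \) \) \) -print
}

# preflight DIR FETCH_UID BUILD_UID: succeed only if the uid split is sane
# and the mode bits give the build uid no write access to the sources.
preflight() {
    check_uids "$2" "$3" || return 1
    bad=$(tree_violations "$1" "$2") || return 1
    [ -z "$bad" ] || { printf 'violations:\n%s\n' "$bad" >&2; return 1; }
}

# Usage, run as the fetch user before updating:
#   preflight /usr/src "$(id -u)" 60002 && git -C /usr/src pull --ff-only
```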

