Currently, the /tools and /cross-tools directories are owned by the user
clfs, a user that exists only
on the host system. Although /tools and
/cross-tools can be deleted once the
CLFS system has been finished, they can be retained to build
additional CLFS systems. If the /tools
and /cross-tools directories are kept
as is, the files are owned by a user ID without a corresponding
account. This is dangerous because a user account created later could
get this same user ID and would own these directories and all the
files therein, thus exposing those files to possible malicious
manipulation.
One possible fix for this issue might be to add the clfs user to the new CLFS system later when
creating the /etc/passwd file, taking
care to assign it the same user and group IDs as on the host system.
Alternatively, assign the contents of the /tools and /cross-tools directories to user root by running the following commands:
chown -Rv 0:0 /tools chown -Rv 0:0 /cross-tools
The commands use 0:0 instead
of root:root, because
chown is unable to
resolve the name “root” until
the passwd file has been created.