|
Full Disclosure
mailing list archives
Re: Linux kernel source archive vulnerable
From: coderpunk <coderpunk () gmail com>
Date: Tue, 12 Sep 2006 09:38:14 -0700
On 9/11/06, Joe Feise <jfeise () feise com> wrote:
coderpunk writes:
>> The standard recommendation is to never compile
>> the kernel as root.
>>
>>
>
> Which obviously doesn't help you when a non-root user edits the
> kernel, you compile it as 'jerry' but still have to install it as
> 'root'. You're still hosed.
Geez, of course not. Unpacking the kernel as non-root honors umask.
Problem solved.
It would help to 'info tar' before posting...
That assumes a proper umask. The kernel source should not depend on
the end user's umask being setup properly.
I'm having a hard time understanding why so many people seem to be
resistant to setting proper permissions in the kernel tree source.
This is the single most important piece of source on a system, it
should be as secure as possible before being released.
Yes, you can mitigate those risks by doing things as non-root (not
everyone does), you can assume a proper umask (not everyone's is), or
you can just fix the permissons at the source and the problem goes
away.
.cp
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: tar alternative, (continued)
Re: Linux kernel source archive vulnerable coderpunk (Sep 11)
|
Intro
