Full Disclosure mailing list archives
Re: Re: Linux kernel source archive vulnerable
From: Michael Gale <michael.gale () pason com>
Date: Fri, 08 Sep 2006 16:49:48 -0600
Most people who compile software do so as a normal user, not as root. You can not expect every piece of software to explicitly state do not be root.
It is not the developers who dictate who can compile software, it is good form for them to make it so a normal user can compile software and it is good practice to compile software as a normal user.
So it looks like you have beaten this issue to death and it comes down to your opinion on how things should work. I would suggest e-mailing the kernel developers with your concerns.
Until then, I like the fact that as a normal user I can simple extract the tarball under my build location. Make changes and test the builds with out having to be root.
I would consider your concerns made, so there is no further reason to spam this list.
Michael Hadmut Danisch wrote:
On Fri, Sep 08, 2006 at 01:38:00PM -0500, Gerald (Jerry) Carter wrote:Your logic is false here. If the kernel maintainers and developers say don't compile as root and you do it anyways, That's your choice.Your assumption is false here. The kernel maintainers DO NOT say this: Read the README file, it does not contain any statement that you do not have to compile as root. They silently explain how to compile if you are not root, but they don't tell not to be root.But it is not the same thing as running the kernel. You may disagree but deliberately choosing not to follow the advice of the maintainer of a software package does not logically follow from your statement above.Again: There is no such advice. The README just says "To do the actual install you have to be root, but none of the normal build should require that. " So you don't need to be root in order to compile. But this is not an advice to not be root. And the README says: bzip2 -dc linux-2.6.XX.tar.bz2 | tar xvf - There is not even the --no-same-permissions option mentioned.Now if you want to talk about Samba.... :-)Did not have any significant problem with samba so far... regards Hadmut _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Michael Gale Red Hat Certified Engineer Network Administrator Pason Systems Corp. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Linux kernel source archive vulnerable, (continued)
- RE: Linux kernel source archive vulnerable Airey, John (Sep 08)
- Re: Linux kernel source archive vulnerable Georgi Guninski (Sep 08)
- Re: Linux kernel source archive vulnerable Roland Kuhn (Sep 08)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 08)
- Re: Linux kernel source archive vulnerable Gerald (Jerry) Carter (Sep 08)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 08)
- Re: Linux kernel source archive vulnerable Gerald (Jerry) Carter (Sep 08)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 08)
- Re: Linux kernel source archive vulnerable Gerald (Jerry) Carter (Sep 08)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 08)
- Re: Re: Linux kernel source archive vulnerable Michael Gale (Sep 08)
- Re: Re: Linux kernel source archive vulnerable Valdis . Kletnieks (Sep 09)
- Re: Linux kernel source archive vulnerable Ron (Sep 24)
- Re: Linux kernel source archive vulnerable Hadmut Danisch (Sep 08)
- Re: Re: Linux kernel source archive vulnerable Jurjen Oskam (Sep 08)
- tar alternative Tim (Sep 08)
- Re: tar alternative Cristi Mitrana (Sep 08)
- Re: Re: tar alternative Tim (Sep 09)
- Re: Re: tar alternative darren kirby (Sep 09)
- Re: Re: tar alternative Tim (Sep 09)
- Re: tar alternative Aaron Gray (Sep 15)
- Re: tar alternative Tim (Sep 20)