Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux kernel source archive vulnerable

From: coderpunk <coderpunk () gmail com>
Date: Tue, 12 Sep 2006 09:38:14 -0700
On 9/11/06, Joe Feise <jfeise () feise com> wrote:

coderpunk writes:

>> The standard recommendation is to never compile
>> the kernel as root.
>>
>>
>
> Which obviously doesn't help you when a non-root user edits the
> kernel, you compile it as 'jerry' but still have to install it as
> 'root'. You're still hosed.

Geez, of course not. Unpacking the kernel as non-root honors umask.
Problem solved.
It would help to 'info tar' before posting...


That assumes a proper umask. The kernel source should not depend on
the end user's umask being setup properly.

I'm having a hard time understanding why so many people seem to be
resistant to setting proper permissions in the kernel tree source.
This is the single most important piece of source on a system, it
should be as secure as possible before being released.

Yes, you can mitigate those risks by doing things as non-root (not
everyone does), you can assume a proper umask (not everyone's is), or
you can just fix the permissons at the source and the problem goes
away.

.cp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: