From: Kyle Moffett <mrmacman_g4@mac.com>
To: daw-usenet@taverner.cs.berkeley.edu (David Wagner)
Cc: linux-kernel@vger.kernel.org
Subject: Re: R: Linux kernel source archive vulnerable
Date: Wed, 13 Sep 2006 04:12:44 -0400
Message-ID: <45F1F6C1-FB19-4E6D-BEFE-B8C541D7A2F3@mac.com>
In-Reply-To: <ee8a8j$gf7$1@taverner.cs.berkeley.edu>

On Sep 13, 2006, at 02:59:31, David Wagner wrote:
> Kyle Moffett wrote:
>> No, git-tar-tree is storing the desired permissions (0666 and
>> 0777) in the tar archive.  This is not a bug, those are actually
>> the permissions we want in the tar archive.
>
> Those may be the permissions *you* want, but they're not the  
> permissions I suspect many users would prefer.

How do you decide what users would prefer?  I seem to recall the UNIX  
way to do that is umask which works perfectly with tar as a normal  
user and kernel tarballs.  I fail to see how you get world-writable  
files from a kernel tree unless your umask is 0000 or you're using  
tar in backup-mode; which is senseless on a tar file not built to  
restore as a backup.  For that matter, how do you determine which  
user it should extract as?  UID 0?  Linus' UID?  My UID?  What  
happens when I extract files on my SELinux system under the sysadm  
role as UID 500?  Should they get UID 0 because I have chown  
permissions and the author of the tar archive was tarring as root?

Relying on GNU tar and/or the permissions embedded in a tar file you  
downloaded from the internet to enforce your security policy is going  
to lead to a world of pain.

Besides, even Linus said:
> I would suggest that people who compile new kernels should:
> [...]
> - compile the kernel in their own home directory, as their very own  
> selves.  No need to be root to compile the kernel.  You need to be  
> root to _install_ the kernel, but that's different.


> Take a look at any open-source project that ships tar archives of  
> their source code.  Do they ship tarballs of their source code  
> where all the files have 0666 permissions?

Actually, if you start browsing random software tarballs you'll find  
that 1 in 5 or so has world-write permissions on at _minimum_ the  
root directory, more often the whole source tree.

I ran:

> for i in *.tar.gz; do tar -tvzf $i | head -n 1; done | less

on my directory of source tarballs and just going alphabetically down  
the list here's a list I found with drwxrwxrwx for the root directory  
of the archive:

OpenSP-1.5.1.tar.gz
bison-2.1.tar.gz
cyrus-sasl-2.1.21.tar.gz
findutils-4.2.20.tar.gz
gawk-3.1.4.tar.gz
gd-2.0.33.tar.gz
glib-1.2.10.tar.gz
gmp-4.2.1.tar.gz
guile-1.4.tar.gz
gzip-1.2.4a.tar.gz
libtool-1.5.22.tar.gz
links-0.99.tar.gz
mpfr-2.2.0.tar.gz
openMotif-2.2.3.tar.gz

If this is really a "security issue" as you claim and not an
admin-caused PEBKAC problem then a lot more software than the kernel is at  
risk.  At least with the kernel we can expect people to have some  
idea what they're doing, with some of the software above there are  
README files that say "BEGINNER TUTORIAL" and go over the basics of  
configure scripts.

So is this really about security or about _you_ being too lazy to  
pass the appropriate option to tar when unpacking a software tarball  
as root?

Cheers,
Kyle Moffett
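
The umask behaviour argued over in the message above, as an added example that is not part of the original email: it builds a constructed archive with entries stored as 0777/0666, counts the world-writable entries, and extracts it both ways. The names `demo-1.0` and `main.c` are made up; `--no-same-permissions` (the default for ordinary users) and `-p` (the default for root) are GNU tar options.

```shell
#!/bin/sh
# Added example, not from the original email. The archive below is
# constructed: demo-1.0/ and main.c are made-up names, stored as 0777/0666.
set -eu

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

( umask 000
  mkdir -p "$work/src/demo-1.0"
  echo 'int main(void) { return 0; }' > "$work/src/demo-1.0/main.c"
  chmod 777 "$work/src/demo-1.0"
  chmod 666 "$work/src/demo-1.0/main.c"
  tar -cf "$work/demo.tar" -C "$work/src" demo-1.0 )

# Count entries whose stored mode lets "other" write: character 9 of the
# ls-style mode string that tar -tv prints in its first column.
count_world_writable() {
  tar -tvf "$1" | awk 'substr($1, 9, 1) == "w" { n++ } END { print n + 0 }'
}

# Extract archive $1 under umask $2 with tar option $3, then print the
# resulting mode strings of the directory and of the file.
extracted_modes() {
  dest=$(mktemp -d "$work/out.XXXXXX")
  ( umask "$2"; tar "$3" -xf "$1" -C "$dest" )
  d=$(ls -ld "$dest/demo-1.0" | cut -c1-10)
  f=$(ls -ld "$dest/demo-1.0/main.c" | cut -c1-10)
  echo "$d $f"
}

a="$work/demo.tar"
echo "world-writable entries stored in archive: $(count_world_writable "$a")"
# Default for ordinary users: stored modes are filtered through the umask.
echo "umask 022, --no-same-permissions: $(extracted_modes "$a" 022 --no-same-permissions)"
echo "umask 077, --no-same-permissions: $(extracted_modes "$a" 077 --no-same-permissions)"
# Default for root (-p): umask is ignored and the stored modes are restored.
echo "umask 022, -p: $(extracted_modes "$a" 022 -p)"
```

Passing `--no-same-permissions` explicitly makes a root extraction behave like the first two cases.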
