LKML Archive on
help / color / mirror / Atom feed
From: Kyle Moffett <>
To: Jon Lewis <>
Cc: Perego Paolo Franco <>,, Hadmut Danisch <>,
Subject: Re: R: Linux kernel source archive vulnerable
Date: Tue, 12 Sep 2006 01:06:37 -0400	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On Sep 11, 2006, at 14:29:58, Jon Lewis wrote:
> On Fri, 8 Sep 2006, Perego Paolo Franco wrote:
>> Anyway just few considerations:
>> 2) a good sysadmin is aware that /usr/src is NOT supposed to be  
>> world writable
> For some reason (bug in how they're being checked out of git, I  
> assume), the latest kernel source tar files have all files and  
> directories world writable.  This is not how it's been in the past  
> and is not how it should be.


Please see these threads and quit bringing up this topic like crazy:

To quote:
> Going over old ground again, any administrator a) compiling the  
> kernel as root or b) relying on GNU tar to make  
> _security_policy_decisions_ is completely insane.
> The only "trick" here is tar's decision not to apply umask, or root  
> uid/gid, to files in a tar when extracted as root.  This might make  
> sense for tars that you created and want to extract again (say  
> restoring a backup), but it certainly NEVER makes sense for files  
> downloaded off the Internet.

So if you must cause a senseless hubbub on, please  
don't spill it over onto LKML.  This sort of thing is at _worst_ a  
bug in GNU tar that it's behavior is different when root.  I run a  
linux system with SELinux where user 0 is no different than any other  
user and has no special permissions at all, and this kind of  
stupidity bites me a lot.  My user 0 is "kyle" when I want to chown  
files I switch to the "sysadm" role, or if I absolutely need to  
override security policy for some reason I jump through hoops to get  
to the "root" role.  In neither of those cases do I care what UID I am.

So either deal insecure permissions when you can't be bothered to use  
GNU tar securely (easy), don't compile your kernel as root (easier)  
or fix GNU tar not to assume UID 0 is God in the first place.

Kyle Moffett

  reply	other threads:[~2006-09-12  5:06 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <>
     [not found] ` <D432C2F98B6D1B4BAE47F2770FEFD6B612B8B7@to1mbxs02.replynet.prv>
2006-09-11 18:29   ` Jon Lewis
2006-09-12  5:06     ` Kyle Moffett [this message]
2006-09-12  5:27       ` Willy Tarreau
2006-09-12 19:42       ` R: " David Wagner
2006-09-12 20:35         ` linux-os (Dick Johnson)
2006-09-12 21:35           ` David Wagner
2006-09-12 22:56             ` Rene Scharfe
2006-09-13  1:17               ` David Wagner
2006-09-13  4:33                 ` Willy Tarreau
2006-09-13  5:34                   ` David Wagner
2006-09-13  6:17                     ` Kyle Moffett
2006-09-13  6:26                       ` David Wagner
2006-09-13  6:49                         ` Kyle Moffett
2006-09-13  6:59                           ` David Wagner
2006-09-13  8:12                             ` Kyle Moffett
2006-09-14 22:38                               ` David Wagner
2006-09-15  7:28                                 ` Stefan Richter
2006-09-13 10:45                         ` Martin Mares
2006-09-13 11:13                           ` Jan Engelhardt
2006-09-13  6:26                       ` Jan Engelhardt
2006-09-13 19:49                         ` Willy Tarreau
2006-09-13  8:51                 ` Stefan Richter
2006-09-14 23:04                 ` Bill Davidsen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \
    --subject='Re: R: Linux kernel source archive vulnerable' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).