LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: daw@cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: R: Linux kernel source archive vulnerable
Date: Tue, 12 Sep 2006 19:42:07 +0000 (UTC)	[thread overview]
Message-ID: <ee72if$sng$1@taverner.cs.berkeley.edu> (raw)
In-Reply-To: <8E63F0FB-DDD3-41D4-AFA7-88E66D0E9C8D@mac.com>

Kyle Moffett  wrote:
>Please see these threads and quit bringing up this topic like crazy:
>http://marc.theaimsgroup.com/?l=linux-kernel&m=113304241100330&w=2
>http://marc.theaimsgroup.com/?l=linux-kernel&m=114635639325551&w=2

I've read those threads in detail.  Those threads give no justification
whatsoever about why the files are stored in tar with world-writeable
permissions.  The posts to those threads just blame the victim, blame
the maintainers of tar, and point fingers at everyone else.  I cannot
see any good reason why the files in tar need to have world-writeable
permissions.  It seems to me like a simple and reasonable request to make
them non-world-writeable.  It can't hurt, and it might help a few users.
I cannot fathom why there is such resistance to such a simple request.

Just because it is a bug in tar doesn't mean that Linux developers have
to create their tarfile in a way that tickles the bug.  Two wrongs don't
make a right.

Just because it doesn't affect you doesn't mean that it isn't an issue.
You're not the only person in the world.

  parent reply	other threads:[~2006-09-12 19:42 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20060907182304.GA10686@danisch.de>
     [not found] ` <D432C2F98B6D1B4BAE47F2770FEFD6B612B8B7@to1mbxs02.replynet.prv>
2006-09-11 18:29   ` Jon Lewis
2006-09-12  5:06     ` Kyle Moffett
2006-09-12  5:27       ` Willy Tarreau
2006-09-12 19:42       ` David Wagner [this message]
2006-09-12 20:35         ` R: " linux-os (Dick Johnson)
2006-09-12 21:35           ` David Wagner
2006-09-12 22:56             ` Rene Scharfe
2006-09-13  1:17               ` David Wagner
2006-09-13  4:33                 ` Willy Tarreau
2006-09-13  5:34                   ` David Wagner
2006-09-13  6:17                     ` Kyle Moffett
2006-09-13  6:26                       ` David Wagner
2006-09-13  6:49                         ` Kyle Moffett
2006-09-13  6:59                           ` David Wagner
2006-09-13  8:12                             ` Kyle Moffett
2006-09-14 22:38                               ` David Wagner
2006-09-15  7:28                                 ` Stefan Richter
2006-09-13 10:45                         ` Martin Mares
2006-09-13 11:13                           ` Jan Engelhardt
2006-09-13  6:26                       ` Jan Engelhardt
2006-09-13 19:49                         ` Willy Tarreau
2006-09-13  8:51                 ` Stefan Richter
2006-09-14 23:04                 ` Bill Davidsen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='ee72if$sng$1@taverner.cs.berkeley.edu' \
    --to=daw@cs.berkeley.edu \
    --cc=daw-usenet@taverner.cs.berkeley.edu \
    --cc=linux-kernel@vger.kernel.org \
    --subject='Re: R: Linux kernel source archive vulnerable' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).