lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 08 Sep 2006 10:55:32 -0500 From: "Gerald (Jerry) Carter" <jerry@...ba.org> To: Hadmut Danisch <hadmut@...isch.de> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: Linux kernel source archive vulnerable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hadmut Danisch wrote: > Hi, > > there's a severe vulnerability in the Linux kernel > source code archives: It is my understanding that the permissions are intentionally set that way. This hash been discussed several times over the past year. http://marc.theaimsgroup.com/?l=linux-kernel&m=114635639325551&w=2 http://marc.theaimsgroup.com/?l=linux-kernel&m=113304241100330&w=2 > The Linux kernel is distributed as tar archives > in the form of linux-2.6.17.11.tar.bz2 from kernel.org. > It is usually unpacked, configured and compiled > under /usr/src. Since installing a new kernel > requires root privileges, this is usually done as root. The standard recommendation is to never compile the kernel as root. cheers, jerry ===================================================================== Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFAZJzIR7qMdg1EfYRAuhSAKCYurfH4UVuiBVPZBg5bVLt9q+nywCglRWF vEnpAsN1S4DWQflVvM6Jcqs= =okZq -----END PGP SIGNATURE-----
Powered by blists - more mailing lists