| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Sep 2006 23:37:31 +0200
From: hadmut@...isch.de (Hadmut Danisch)
To: "Gerald (Jerry) Carter" <jerry@...ba.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Linux kernel source archive vulnerable
On Fri, Sep 08, 2006 at 01:38:00PM -0500, Gerald (Jerry) Carter wrote:
> Your logic is false here. If the kernel maintainers
> and developers say don't compile as root and you
> do it anyways, That's your choice.
Your assumption is false here. The kernel maintainers DO NOT say this:
Read the README file, it does not contain any statement that you do
not have to compile as root. They silently explain how to compile if
you are not root, but they don't tell not to be root.
> But it is not the
> same thing as running the kernel. You may disagree but
> deliberately choosing not to follow the advice of
> the maintainer of a software package does not logically
> follow from your statement above.
Again: There is no such advice. The README just says
"To do the actual install you have to be root, but none of the normal
build should require that. "
So you don't need to be root in order to compile. But this is not an
advice to not be root.
And the README says:
bzip2 -dc linux-2.6.XX.tar.bz2 | tar xvf -
There is not even the --no-same-permissions option mentioned.
> Now if you want to talk about Samba.... :-)
Did not have any significant problem with samba so far...
regards
Hadmut
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists