lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 09 Sep 2006 01:37:52 -0400
From: Valdis.Kletnieks@...edu
To: hadmut@...isch.de (Hadmut Danisch)
Cc: "Gerald \(Jerry\) Carter" <jerry@...ba.org>,
full-disclosure@...ts.grok.org.uk
Subject: Re: Re: Linux kernel source archive vulnerable
On Fri, 08 Sep 2006 23:37:31 +0200, Hadmut Danisch said:
> Again: There is no such advice. The README just says
>
> "To do the actual install you have to be root, but none of the normal
> build should require that. "
>
> So you don't need to be root in order to compile. But this is not an
> advice to not be root.
If you can't put together "none of the normal build should require it" and
the standard advice of "don't run anything as root unless it requires it"
(you *are* aware that's standard advice, right?) to get "therefor, don't
build it as root, since root isn't required", you probably shouldn't be
doing *anything* as root.
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists