[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1f29b8940609121457p2d4df706td50955cce74b531f@mail.gmail.com>
Date: Tue, 12 Sep 2006 14:57:04 -0700
From: "Chris Umphress" <umphress@...il.com>
To: coderpunk <coderpunk@...il.com>
Cc: "Gerald \(Jerry\) Carter" <jerry@...ba.org>,
full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Re: Linux kernel source archive vulnerable
On 9/12/06, coderpunk <coderpunk@...il.com> wrote:
> > >> The standard recommendation is to never compile
> > >> the kernel as root.
> > >>
> > > Which obviously doesn't help you when a non-root user edits the
> > > kernel, you compile it as 'jerry' but still have to install it as
> > > 'root'. You're still hosed.
> >
> > Geez, of course not. Unpacking the kernel as non-root honors umask.
> > Problem solved.
> > It would help to 'info tar' before posting...
>
> That assumes a proper umask. The kernel source should not depend on
> the end user's umask being setup properly.
Is it the kernel developers' fault if your umask is extremely lax for
a normal user? If it is lax, security of the kernel source isn't your
only problem.... Security in general is.
--
Chris Umphress <http://daga.dyndns.org/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists