| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Sep 2006 14:57:04 -0700 From: "Chris Umphress" <umphress@...il.com> To: coderpunk <coderpunk@...il.com> Cc: "Gerald \(Jerry\) Carter" <jerry@...ba.org>, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: Re: Linux kernel source archive vulnerable On 9/12/06, coderpunk <coderpunk@...il.com> wrote: > > >> The standard recommendation is to never compile > > >> the kernel as root. > > >> > > > Which obviously doesn't help you when a non-root user edits the > > > kernel, you compile it as 'jerry' but still have to install it as > > > 'root'. You're still hosed. > > > > Geez, of course not. Unpacking the kernel as non-root honors umask. > > Problem solved. > > It would help to 'info tar' before posting... > > That assumes a proper umask. The kernel source should not depend on > the end user's umask being setup properly. Is it the kernel developers' fault if your umask is extremely lax for a normal user? If it is lax, security of the kernel source isn't your only problem.... Security in general is. -- Chris Umphress <http://daga.dyndns.org/> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists