| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ee72if$sng$1@taverner.cs.berkeley.edu> Date: Tue, 12 Sep 2006 19:42:07 +0000 (UTC) From: daw@...berkeley.edu (David Wagner) To: linux-kernel@...r.kernel.org Subject: Re: R: Linux kernel source archive vulnerable Kyle Moffett wrote: >Please see these threads and quit bringing up this topic like crazy: >http://marc.theaimsgroup.com/?l=linux-kernel&m=113304241100330&w=2 >http://marc.theaimsgroup.com/?l=linux-kernel&m=114635639325551&w=2 I've read those threads in detail. Those threads give no justification whatsoever about why the files are stored in tar with world-writeable permissions. The posts to those threads just blame the victim, blame the maintainers of tar, and point fingers at everyone else. I cannot see any good reason why the files in tar need to have world-writeable permissions. It seems to me like a simple and reasonable request to make them non-world-writeable. It can't hurt, and it might help a few users. I cannot fathom why there is such resistance to such a simple request. Just because it is a bug in tar doesn't mean that Linux developers have to create their tarfile in a way that tickles the bug. Two wrongs don't make a right. Just because it doesn't affect you doesn't mean that it isn't an issue. You're not the only person in the world. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists