| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060912052729.GF541@1wt.eu> Date: Tue, 12 Sep 2006 07:27:29 +0200 From: Willy Tarreau <w@....eu> To: Kyle Moffett <mrmacman_g4@....com> Cc: Jon Lewis <jlewis@...is.org>, Perego Paolo Franco <p.perego@...ly.it>, linux-kernel@...r.kernel.org, Hadmut Danisch <hadmut@...isch.de>, torvalds@...l.org Subject: Re: Linux kernel source archive vulnerable On Tue, Sep 12, 2006 at 01:06:37AM -0400, Kyle Moffett wrote: > On Sep 11, 2006, at 14:29:58, Jon Lewis wrote: > >On Fri, 8 Sep 2006, Perego Paolo Franco wrote: > > > >>Anyway just few considerations: > >>2) a good sysadmin is aware that /usr/src is NOT supposed to be > >>world writable > > > >For some reason (bug in how they're being checked out of git, I > >assume), the latest kernel source tar files have all files and > >directories world writable. This is not how it's been in the past > >and is not how it should be. > > -ENOBUG > > Please see these threads and quit bringing up this topic like crazy: > http://marc.theaimsgroup.com/?l=linux-kernel&m=113304241100330&w=2 > http://marc.theaimsgroup.com/?l=linux-kernel&m=114635639325551&w=2 BTW, since git 1.4.2, it's possible to specify "umask=022" in the [tar] section of the repo config to bring back the old behaviour. Maybe it would be a good idea to use it on Linus' side to make everyone happy ? Regards, Willy - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists