Re: World writable tarballs

From: Mark Rosenstand
Date: Sun Apr 30 2006 - 08:36:09 EST

Next message: Alistair John Strachan: "Re: World writable tarballs"
Previous message: Andrey Borzenkov: "Checking modalias supported by vmlinux"
In reply to: Alistair John Strachan: "Re: World writable tarballs"
Next in thread: Alistair John Strachan: "Re: World writable tarballs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 2006-04-30 at 12:49 +0100, Alistair John Strachan wrote:
> Going over old ground again, any administrator a) compiling the kernel as root
> or b) relying on GNU tar to make _security policy decisions_ is completely
> insane.

Yes, GNU tar is acting insane. Given that GNU tar is the most widely
used tar implementation (at least for extracting linux sources), why is
the kernel packaged to exploit this insane behaviour?

> Really, people that complain about security should have a modicum of a clue;
> allowing a tar file that _somebody else_ applied _their_ security policy, to
> define yours, is a deeply flawed concept. umask is there for a reason.

I merely asked if it was on purpose. In my point of view, it's wrong to
deliberately expose people to such big security threads.

That said, the kernel source is actually the only thing I extract as
root, mostly because I think it's weird to have symlinks in /lib/modules
point to my user's home directory.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alistair John Strachan: "Re: World writable tarballs"
Previous message: Andrey Borzenkov: "Checking modalias supported by vmlinux"
In reply to: Alistair John Strachan: "Re: World writable tarballs"
Next in thread: Alistair John Strachan: "Re: World writable tarballs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]