Re: R: Linux kernel source archive vulnerable

From: Jon Lewis
Date: Mon Sep 11 2006 - 14:27:09 EST

On Fri, 8 Sep 2006, Perego Paolo Franco wrote:

Anyway just few considerations:
2) a good sysadmin is aware that /usr/src is NOT supposed to be world writable

Ownership/permissions on /usr/src are irrelevant. For some reason (bug in how they're being checked out of git, I assume), the latest kernel source tar files have all files and directories world writable. This is not how it's been in the past and is not how it should be.

The change happened between 2.6.13.3 and 2.6.13.4.

$ tar -tvjf /var/ftp/pub/Linux/ftp.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.3.tar.bz2 | less
tar: Record size = 8 blocks
drwxr-xr-x git/git 0 2005-10-03 19:27:35 linux-2.6.13.3/
-rw-r--r-- git/git 18691 2005-10-03 19:27:35 linux-2.6.13.3/COPYING
-rw-r--r-- git/git 89317 2005-10-03 19:27:35 linux-2.6.13.3/CREDITS
drwxr-xr-x git/git 0 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/
-rw-r--r-- git/git 10244 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/00-INDEX
-rw-r--r-- git/git 3699 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/BUG-HUNTING
-rw-r--r-- git/git 13072 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/Changes
-rw-r--r-- git/git 15351 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/CodingStyle
-rw-r--r-- git/git 20407 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/DMA-API.txt
-rw-r--r-- git/git 31996 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/DMA-mapping.txt
drwxr-xr-x git/git 0 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/DocBook/

$ tar -tvjf /var/ftp/pub/Linux/ftp.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.4.tar.bz2 | less
tar: Record size = 8 blocks
drwxr-xr-x git/git 0 2005-10-10 14:54:29 linux-2.6.13.4/
-rw-rw-rw- git/git 18691 2005-10-10 14:54:29 linux-2.6.13.4/COPYING
-rw-rw-rw- git/git 89317 2005-10-10 14:54:29 linux-2.6.13.4/CREDITS
drwxrwxrwx git/git 0 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/
-rw-rw-rw- git/git 10244 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/00-INDEX
-rw-rw-rw- git/git 3699 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/BUG-HUNTING
-rw-rw-rw- git/git 13072 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/Changes
-rw-rw-rw- git/git 15351 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/CodingStyle
-rw-rw-rw- git/git 20407 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/DMA-API.txt
-rw-rw-rw- git/git 31996 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/DMA-mapping.txt
drwxrwxrwx git/git 0 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/DocBook/

In the very latest, even the source tree's root is 777.

$ tar -tvjf /var/ftp/pub/Linux/ftp.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.13.tar.bz2 | less
tar: Record size = 8 blocks
drwxrwxrwx git/git 0 2006-09-08 23:23:25 linux-2.6.17.13/
-rw-rw-rw- git/git 462 2006-09-08 23:23:25 linux-2.6.17.13/.gitignore
-rw-rw-rw- git/git 18693 2006-09-08 23:23:25 linux-2.6.17.13/COPYING
-rw-rw-rw- git/git 89536 2006-09-08 23:23:25 linux-2.6.17.13/CREDITS
drwxrwxrwx git/git 0 2006-09-08 23:23:25 linux-2.6.17.13/Documentation/
-rw-rw-rw- git/git 10581 2006-09-08 23:23:25 linux-2.6.17.13/Documentation/00-INDEX
-rw-rw-rw- git/git 7249 2006-09-08 23:23:25 linux-2.6.17.13/Documentation/BUG-HUNTING
-rw-rw-rw- git/git 11655 2006-09-08 23:23:25 linux-2.6.17.13/Documentation/Changes

----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/