Re: R: Linux kernel source archive vulnerable

[Jan Engelhardt]

>> In any case, regardless of whether this is by design or not, it is not
>> courteous to your users to distribute tar files where all the files have
>> permissions 0666.  That's not a user-friendly to do.
>
>I disagree.
>
>(1) Some systems use per-user groups and create all files group-writeable
>by default, i.e., they set the umask to 002. If you want to be user-friendly,
>you should respect this setting, so the permissions in the tar archives you
>distribute should be 666.
>
>(2) People extracting random archives as root with preserving permissions
>(and owners) are relying on *ALL* archive creators using what they suppose
>are the right permissions, which is at least simple-minded, if not completely
>silly. If you want to help such users, you should do so by helping them
>understand they do a wrong thing and not by hiding the problem in a single
>specific case.

And for those who -- for whatever reason -- extract kernelballs as root, 
should go use --no-same-permission.


Jan Engelhardt
-- 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/