Re: linux-2.6.14.tar.bz2 permissions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/26/05, Alistair John Strachan <[email protected]> wrote:
> On Sunday 27 November 2005 01:13, David Brown wrote:
> > > David, it'd probably help if you listed all of the affected files, then
> > > people can explain themselves and/or correct the permissions.
> > >
> > > I personally think that your point is valid and security should be
> > > considered when packing the kernel sources. It might even be possible for
> > > Linus's tarball script to remove global write permissions.
> >
> > Okay but it's kinda big here's how I did it.
> >
> > # for file in `find *` ; do if ls -l $file | grep -q '^.....w..w.' ;
> > then ls -d $file ; fi ; done | wc -l
> > 19552
> > # find * | wc -l
> > 19552
> >
> > seems to be all of them :\
> >
> > I'll attach the file list
>
> Sure enough, I can confirm this.
>
> I don't seem to have to provide --no-same-permissions to tar to get umask to
> affect the permissions of extracted files, so my files are fine on-disc.

FWIW, ubuntu's man-pages claim:

"       --no-same-permissions
              apply umask to extracted files (the default for non-root users)"

and

"       -p, --same-permissions, --preserve-permissions
              ignore umask when extracting files (the default for root)"

Maybe you are untarring as non-root and David is untarring as root?

> What disturbs me more is the number of people using insecure umasks before
> checking files in! When does a text file really want to be a+w?

That I do not know.

Thanks,
Nish
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux