Re: World writable tarballs

On Sun, Apr 30, 2006 at 09:15:01AM +0000, Heikki Orsila wrote:
> On Sun, Apr 30, 2006 at 01:48:12AM +0100, Alistair John Strachan wrote:
> > There's no need to repeatedly discuss it.
> 
> I think there is. Sorry for wasting bandwidth.
> 
> It's a big security hole deliberately caused by the kernel people (files
> in the tar ball have og+w, so it's not a problem in root's umask or tar).
> Real security needs _simplicity_ but current file modes require
> unnecessary _tricks_ for admins. There should be nothing against
> untarring files as root. In this case it makes sense too, because only
> the tar balls are crypto signed, not the individual files inside the tar
> ball, so root can conveniently just verify the crypto signature and
> untar the file without any race conditions or trusting other users. The
> only real alternative is to create an _unnecessary_ trusted user to do
> tar ball handling.
> 
> PS. this file permission bug almost bit me. People make errors and this
> one is potentially a big privilege escalation, because it potentially
> turns normal application bugs into root privileges.

Although I don't like finding world-writable files in tar archives, I
think you're exaggerating a bit. First, you're not turning normal bugs
into root privileges, and second, you don't need to create a user just
for this, you just have to extract it in a directory that other users
cannot access (chmod o-x).

Also, you'll find several other software on the net with full rights,
so if this really is a concern to you, you'd better get used to this
with simple and reliable solutions (ntp comes to mind).

> Heikki Orsila                   Barbie's law:
> [email protected]            "Math is hard, let's go shopping!"
> http://www.iki.fi/shd

Regards,
Willy
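
Added example, not part of either message above: a Python sketch of the two points raised in this thread, listing archive members stored with og+w and extracting into a directory other users cannot enter before clearing those bits. The sample archive, its file names and the function names are constructed for illustration.

```python
import io, os, stat, tarfile, tempfile

OG_W = stat.S_IWGRP | stat.S_IWOTH  # the "og+w" bits discussed in the thread

def build_sample_tarball():
    """Constructed sample archive: a directory and a file stored with og+w."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        d = tarfile.TarInfo("src")
        d.type, d.mode = tarfile.DIRTYPE, 0o777
        tar.addfile(d)
        for name, mode in (("src/main.c", 0o666), ("src/README", 0o644)):
            data = b"constructed sample content\n"
            f = tarfile.TarInfo(name)
            f.size, f.mode = len(data), mode
            tar.addfile(f, io.BytesIO(data))
    return buf.getvalue()

def audit(tar_bytes):
    """Return (name, mode) for every member stored group- or world-writable."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return [(m.name, oct(m.mode & 0o7777)) for m in tar if m.mode & OG_W]

def extract_private(tar_bytes, parent):
    """Extract below a fresh 0700 directory, then clear og+w on the result."""
    dest = tempfile.mkdtemp(dir=parent)  # only the creating user can enter it
    # Use the "data" extraction filter where this Python version provides it.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        tar.extractall(dest, **kwargs)
    # Other non-root users cannot reach these paths yet, so fix modes here.
    for root, dirs, files in os.walk(dest):
        for path in [root] + [os.path.join(root, n) for n in files]:
            if not os.path.islink(path):
                mode = stat.S_IMODE(os.lstat(path).st_mode)
                os.chmod(path, mode & ~OG_W)
    return dest

if __name__ == "__main__":
    sample = build_sample_tarball()
    print("stored og+w:", audit(sample))
    with tempfile.TemporaryDirectory() as parent:
        print("extracted to", extract_private(sample, parent))
```

The tree can be moved or re-permissioned for wider access only after the chmod pass has finished.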
