Re: World writable tarballs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2006-04-30 at 12:49 +0100, Alistair John Strachan wrote:
> Going over old ground again, any administrator a) compiling the kernel as root 
> or b) relying on GNU tar to make _security policy decisions_ is completely 
> insane.

Yes, GNU tar is acting insane. Given that GNU tar is the most widely
used tar implementation (at least for extracting linux sources), why is
the kernel packaged to exploit this insane behaviour?

> Really, people that complain about security should have a modicum of a clue; 
> allowing a tar file that _somebody else_ applied _their_ security policy, to 
> define yours, is a deeply flawed concept. umask is there for a reason.

I merely asked if it was on purpose. In my point of view, it's wrong to
deliberately expose people to such big security threads.

That said, the kernel source is actually the only thing I extract as
root, mostly because I think it's weird to have symlinks in /lib/modules
point to my user's home directory.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux