Re: World writable tarballs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Apr 30, 2006 at 12:49:16PM +0100, Alistair John Strachan wrote:
> Really, people that complain about security should have a modicum of a clue; 
> allowing a tar file that _somebody else_ applied _their_ security policy, to 
> define yours, is a deeply flawed concept. umask is there for a reason.

I think you are missing an important point here. Any person who compiles
a kernel image trusts the providers much more than file modes if one is
to run the kernel too so it's not like file modes are killer of trust
here. You might also argue that "NO_ROOT_HOLE=yes make modules_install"
is required for kernel to install non-world-writable modules.

My umask is just fine, 077. Also, as noted, it does make sense
that tar preserves attributes because admins use it for backuping.

-- 
Heikki Orsila                   Barbie's law:
[email protected]            "Math is hard, let's go shopping!"
http://www.iki.fi/shd
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux