Re: R: Linux kernel source archive vulnerable

Willy Tarreau  wrote:
>The initial reason is that Linus now uses the "git-tar-tree" command
>which creates the full tar archive from the tree. It does not use tar,
>it know how to produce the tar format itself. The command has to set
>permissions on the files, and by default, it sets full permissions to
>the files.

Ahh, thanks for the explanation.  That's helpful.

So it sounds like git-tar-tree has a bug; its default isn't setting
meaningful permissions on the files that it puts into the tar archive.
I hope the maintainers of git-tar-tree will consider fixing this bug.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: R: Linux kernel source archive vulnerable
  - From: Kyle Moffett <[email protected]>

References:
- Re: R: Linux kernel source archive vulnerable
  - From: Rene Scharfe <[email protected]>
- Re: R: Linux kernel source archive vulnerable
  - From: [email protected] (David Wagner)
- Re: R: Linux kernel source archive vulnerable
  - From: Willy Tarreau <[email protected]>

Prev by Date: AW: fix 2.4.33.3 / sun partition size
Next by Date: Re: OT: calling kernel syscall manually
Previous by thread: Re: R: Linux kernel source archive vulnerable
Next by thread: Re: R: Linux kernel source archive vulnerable
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]