[Full-disclosure] Re: Linux kernel source archive vulnerable



On 9/11/06, Joe Feise <jfeise@xxxxxxxxx> wrote:
> coderpunk writes:
>
> >> The standard recommendation is to never compile
> >> the kernel as root.
> >
> > Which obviously doesn't help you when a non-root user edits the
> > kernel, you compile it as 'jerry' but still have to install it as
> > 'root'. You're still hosed.
>
> Geez, of course not. Unpacking the kernel as non-root honors umask.
> Problem solved.
> It would help to 'info tar' before posting...

That assumes a proper umask. The kernel source should not depend on
the end user's umask being set up properly.

I'm having a hard time understanding why so many people seem to be
resistant to setting proper permissions in the kernel tree source.
This is the single most important piece of source on a system, it
should be as secure as possible before being released.

Yes, you can mitigate those risks by doing things as non-root (not
everyone does), you can assume a proper umask (not everyone's is), or
you can just fix the permissions at the source and the problem goes
away.

.cp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
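
An added example, not part of the original thread: a pre-extraction audit that lists archive members stored with group- or world-writable modes and shows what each mode becomes under a given umask. The sample archive is constructed in memory; the code assumes GNU tar's default behaviour, where root keeps the stored modes and a non-root user has them masked by the umask.

```python
import io
import stat
import tarfile

def build_sample_archive():
    """Constructed sample: an in-memory tarball with permissive stored modes."""
    buf = io.BytesIO()
    entries = [
        ("src", 0o777, tarfile.DIRTYPE),
        ("src/Makefile", 0o666, tarfile.REGTYPE),
        ("src/README", 0o644, tarfile.REGTYPE),
        ("src/scripts/build.sh", 0o777, tarfile.REGTYPE),
    ]
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, kind in entries:
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.type = kind
            tar.addfile(info)  # zero-length members are enough for a mode audit
    buf.seek(0)
    return buf

def audit(fileobj, umask=0o022):
    """Return (name, stored_mode, mode_after_umask) for each member whose
    stored mode is group- or world-writable. The stored mode is what an
    extraction as root would leave on disk (assumed GNU tar default)."""
    risky = stat.S_IWGRP | stat.S_IWOTH
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for member in tar:
            if member.mode & risky:
                findings.append((member.name, member.mode, member.mode & ~umask))
    return findings

def still_writable(findings):
    """Members that remain group- or world-writable even after the umask."""
    risky = stat.S_IWGRP | stat.S_IWOTH
    return [name for name, _, masked in findings if masked & risky]

if __name__ == "__main__":
    for umask in (0o022, 0o002, 0o000):
        print(f"umask {umask:03o}:")
        for name, stored, masked in audit(build_sample_archive(), umask):
            print(f"  {name}: stored {stored:04o}, non-root result {masked:04o}")
```

With umask 022 every flagged member ends up safe for a non-root extraction, while 002 or 000 leaves writable files behind, which is the dependency on the user's umask the message objects to.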


