Re: World writable tarballs
- From: Heikki Orsila <shd@xxxxxxxxxx>
- Date: Sun, 30 Apr 2006 16:53:23 +0000
On Sun, Apr 30, 2006 at 12:49:16PM +0100, Alistair John Strachan wrote:
Really, people that complain about security should have a modicum of a clue;
allowing a tar file that _somebody else_ applied _their_ security policy, to
define yours, is a deeply flawed concept. umask is there for a reason.
I think you are missing an important point here. Any person who compiles
a kernel image trusts the providers much more than file modes if one is
to run the kernel too so it's not like file modes are killer of trust
here. You might also argue that "NO_ROOT_HOLE=yes make modules_install"
is required for kernel to install non-world-writable modules.
My umask is just fine, 077. Also, as noted, it does make sense
that tar preserves attributes because admins use it for backuping.
--
Heikki Orsila Barbie's law:
heikki.orsila@xxxxxx "Math is hard, let's go shopping!"
http://www.iki.fi/shd
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- References:
- World writable tarballs
- From: Mark Rosenstand
- Re: World writable tarballs
- From: Alistair John Strachan
- Re: World writable tarballs
- From: Heikki Orsila
- Re: World writable tarballs
- From: Alistair John Strachan
- World writable tarballs
- Prev by Date: [PATCH 2/2] uml: rename and improve actually_do_remove()
- Next by Date: Re: World writable tarballs
- Previous by thread: Re: World writable tarballs
- Next by thread: [BUG] 2.6.15-rt16 __cache_alloc at mm/slab.c
- Index(es):
Relevant Pages
|
|
