Re: R: Linux kernel source archive vulnerable
From: David Wagner
Date: Tue Sep 12 2006 - 15:42:46 EST
Kyle Moffett wrote:
>Please see these threads and quit bringing up this topic like crazy:
>http://marc.theaimsgroup.com/?l=linux-kernel&m=113304241100330&w=2
>http://marc.theaimsgroup.com/?l=linux-kernel&m=114635639325551&w=2
I've read those threads in detail. Those threads give no justification
whatsoever about why the files are stored in tar with world-writeable
permissions. The posts to those threads just blame the victim, blame
the maintainers of tar, and point fingers at everyone else. I cannot
see any good reason why the files in tar need to have world-writeable
permissions. It seems to me like a simple and reasonable request to make
them non-world-writeable. It can't hurt, and it might help a few users.
I cannot fathom why there is such resistance to such a simple request.
Just because it is a bug in tar doesn't mean that Linux developers have
to create their tarfile in a way that tickles the bug. Two wrongs don't
make a right.
Just because it doesn't affect you doesn't mean that it isn't an issue.
You're not the only person in the world.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/