Re: linux-2.6.14.tar.bz2 permissions
From: Alistair John Strachan
Date: Sat Nov 26 2005 - 20:43:47 EST
On Sunday 27 November 2005 01:13, David Brown wrote:
> > David, it'd probably help if you listed all of the affected files, then
> > people can explain themselves and/or correct the permissions.
> >
> > I personally think that your point is valid and security should be
> > considered when packing the kernel sources. It might even be possible for
> > Linus's tarball script to remove global write permissions.
>
> Okay but it's kinda big here's how I did it.
>
> # for file in `find *` ; do if ls -l $file | grep -q '^.....w..w.' ;
> then ls -d $file ; fi ; done | wc -l
> 19552
> # find * | wc -l
> 19552
>
> seems to be all of them :\
>
> I'll attach the file list
Sure enough, I can confirm this.
I don't seem to have to provide --no-same-permissions to tar to get umask to
affect the permissions of extracted files, so my files are fine on-disc.
What disturbs me more is the number of people using insecure umasks before
checking files in! When does a text file really want to be a+w?
--
Cheers,
Alistair.
'No sense being pessimistic, it probably wouldn't work anyway.'
Third year Computer Science undergraduate.
1F2 55 South Clerk Street, Edinburgh, UK.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/