Re: linux-2.6.14.tar.bz2 permissions
From: Nish Aravamudan
Date: Sat Nov 26 2005 - 20:46:04 EST
On 11/26/05, Alistair John Strachan <s0348365@xxxxxxxxxxxx> wrote:
> On Sunday 27 November 2005 01:13, David Brown wrote:
> > > David, it'd probably help if you listed all of the affected files, then
> > > people can explain themselves and/or correct the permissions.
> > >
> > > I personally think that your point is valid and security should be
> > > considered when packing the kernel sources. It might even be possible for
> > > Linus's tarball script to remove global write permissions.
> >
> > Okay but it's kinda big here's how I did it.
> >
> > # for file in `find *` ; do if ls -l $file | grep -q '^.....w..w.' ;
> > then ls -d $file ; fi ; done | wc -l
> > 19552
> > # find * | wc -l
> > 19552
> >
> > seems to be all of them :\
> >
> > I'll attach the file list
>
> Sure enough, I can confirm this.
>
> I don't seem to have to provide --no-same-permissions to tar to get umask to
> affect the permissions of extracted files, so my files are fine on-disc.
FWIW, ubuntu's man-pages claim:
" --no-same-permissions
apply umask to extracted files (the default for non-root users)"
and
" -p, --same-permissions, --preserve-permissions
ignore umask when extracting files (the default for root)"
Maybe you are untarring as non-root and David is untarring as root?
> What disturbs me more is the number of people using insecure umasks before
> checking files in! When does a text file really want to be a+w?
That I do not know.
Thanks,
Nish
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/