Re: Kernelsources writeable for everyone?!

From: Troy Benjegerdes
Date: Mon Jun 26 2006 - 03:10:22 EST


On Sat, Jun 24, 2006 at 07:17:02PM +0100, Al Viro wrote:
> On Sat, Jun 24, 2006 at 08:00:50PM +0200, Daniel wrote:
> > Hi,
> > may be this was reported/asked 999999999 times, but here ist the 1000000000th:
> >
> > I have downloaded linux-2.6.17.1 10 min ago and I noticed that every file is
> > writeable by everyone. What's going on there?
>
> You are unpacking tarballs as root and preserve ownership and permissions.
> Don't.

While it is true that users generally shouldn't be unpacking tarballs as root,
It seems rather monumentally stupid for a trusted source for a critical
system component (aka, kernel.org) to be distributing tarballs like
this.

How hard is it really to make the git tarball export script set sane
owner (root) and permissions (644/755) on files and directories?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/