linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Re: permissions inside linux-2.6.0-test6.tar.bz2
       [not found] <CJIC.4he.15@gated-at.bofh.it>
@ 2003-10-04 16:21 ` Pascal Schmidt
  0 siblings, 0 replies; 3+ messages in thread
From: Pascal Schmidt @ 2003-10-04 16:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Delian Krustev

> So, these files are not world readable as they should be.
> I bumped into this while trying to compile the kernel from user.
> Anyone trying to do so and trying to use one of these files is
> affected.
[...]
> One more thing I want to recommend. Please use the tar options
> --owner 0 --group 0 when creating the archive. The uid/gid 1046
> combination might already be present on the system(or appear in
> the future) and might bring security risks for the unwary.

Just don't unpack the sources as the user wanting to do the
compile, then tar can't set file ownership and the permissions are
okay for compiling.

-- 
Ciao,
Pascal

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: permissions inside linux-2.6.0-test6.tar.bz2
       [not found] ` <CXsk.7ta.11@gated-at.bofh.it>
@ 2003-10-04 16:38   ` Pascal Schmidt
  0 siblings, 0 replies; 3+ messages in thread
From: Pascal Schmidt @ 2003-10-04 16:38 UTC (permalink / raw)
  To: linux-kernel

On Sat, 04 Oct 2003 18:30:16 +0200, you wrote in linux.kernel:

> Just don't unpack the sources as the user wanting to do the
> compile, then tar can't set file ownership and the permissions are
> okay for compiling.

s/don't//

-- 
Ciao,
Pascal

^ permalink raw reply	[flat|nested] 3+ messages in thread
* permissions inside linux-2.6.0-test6.tar.bz2
@ 2003-10-04  1:47 Delian Krustev
  0 siblings, 0 replies; 3+ messages in thread
From: Delian Krustev @ 2003-10-04  1:47 UTC (permalink / raw)
  To: linux-kernel

First excuse me if this has already been posted but a quick search
showed me it hadn't. The problem is trivial and it should have been
resolved if it has been reported.

Here it is:

# tar xjf linux-2.6.0-test6.tar.bz2
# find . -not -perm -444 -exec ls -al "{}" \;
-rw-r-----    1 1046     1046        27217 Sep 28 03:51
./linux-2.6.0-test6/drivers/net/arm/ether00.c
-rw-r-----    1 1046     1046        13235 Sep 28 03:51
./linux-2.6.0-test6/drivers/char/agp/isoch.c
-rw-r-----    1 1046     1046        17188 Sep 28 03:51
./linux-2.6.0-test6/drivers/input/joystick/grip_mp.c
-rw-r-----    1 1046     1046         1992 Sep 28 03:50
./linux-2.6.0-test6/arch/arm/mach-integrator/lm.c
-rw-r-----    1 1046     1046         5363 Sep 28 03:50
./linux-2.6.0-test6/arch/arm/mach-integrator/impd1.c
-rw-r-----    1 1046     1046          422 Sep 28 03:50
./linux-2.6.0-test6/arch/arm/mach-integrator/Kconfig
-rw-r-----    1 1046     1046          698 Sep 28 03:50
./linux-2.6.0-test6/arch/arm/common/platform.c
-rw-r-----    1 1046     1046         6062 Sep 28 03:50
./linux-2.6.0-test6/arch/arm/common/amba.c
-rw-r-----    1 1046     1046         3352 Sep 28 03:51
./linux-2.6.0-test6/arch/arm/common/icst525.c
-rw-r-----    1 1046     1046         8717 Sep 28 03:50
./linux-2.6.0-test6/arch/arm/mm/Kconfig
-rw-r-----    1 1046     1046        11559 Sep 28 03:50
./linux-2.6.0-test6/arch/arm/mm/proc-arm1026.S
-rw-r-----    1 1046     1046        12538 Sep 28 03:50
./linux-2.6.0-test6/arch/arm/mm/proc-arm1020e.S
-rw-r-----    1 1046     1046        11806 Sep 28 03:51
./linux-2.6.0-test6/arch/arm/mm/proc-arm1022.S
-rw-r-----    1 1046     1046         1091 Sep 28 03:51
./linux-2.6.0-test6/arch/arm/mm/mmu.c
-rw-r-----    1 1046     1046          581 Sep 28 03:50
./linux-2.6.0-test6/include/asm-arm/arch-integrator/lm.h
-rw-r-----    1 1046     1046          512 Sep 28 03:50
./linux-2.6.0-test6/include/asm-arm/arch-integrator/impd1.h
-rw-r-----    1 1046     1046          350 Sep 28 03:50
./linux-2.6.0-test6/include/asm-arm/traps.h
-rw-r-----    1 1046     1046         1152 Sep 28 03:50
./linux-2.6.0-test6/include/asm-arm/hardware/icst525.h
-rw-r-----    1 1046     1046         1179 Sep 28 03:50
./linux-2.6.0-test6/include/asm-arm/hardware/amba.h
-rw-r-----    1 1046     1046           34 Sep 28 03:50
./linux-2.6.0-test6/include/asm-arm/sections.h
-rw-r-----    1 1046     1046         5926 Sep 28 03:50
./linux-2.6.0-test6/include/video/neomagic.h
-rw-r-----    1 1046     1046         1593 Sep 28 03:51
./linux-2.6.0-test6/Documentation/scsi/ChangeLog.megaraid


So, these files are not world readable as they should be.
I bumped into this while trying to compile the kernel from user.
Anyone trying to do so and trying to use one of these files is
affected.
It's really a matter of running chmod -R but there might be some cases
where this is not possible.

One more thing I want to recommend. Please use the tar options
--owner 0 --group 0 when creating the archive. The uid/gid 1046
combination might already be present on the system(or appear in
the future) and might bring security risks for the unwary.

Regards
Delian Krustev

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-10-04 16:38 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <CJIC.4he.15@gated-at.bofh.it>
2003-10-04 16:21 ` permissions inside linux-2.6.0-test6.tar.bz2 Pascal Schmidt
     [not found] <CXsk.7ta.13@gated-at.bofh.it>
     [not found] ` <CXsk.7ta.11@gated-at.bofh.it>
2003-10-04 16:38   ` Pascal Schmidt
2003-10-04  1:47 Delian Krustev

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).