Bugtraq mailing list archives
Re: Linux kernel source archive vulnerable
From: "Gerald (Jerry) Carter" <jerry () samba org>
Date: Fri, 08 Sep 2006 10:55:32 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hadmut Danisch wrote:
Hi, there's a severe vulnerability in the Linux kernel source code archives:
It is my understanding that the permissions are intentionally set that way. This hash been discussed several times over the past year. http://marc.theaimsgroup.com/?l=linux-kernel&m=114635639325551&w=2 http://marc.theaimsgroup.com/?l=linux-kernel&m=113304241100330&w=2
The Linux kernel is distributed as tar archives in the form of linux-2.6.17.11.tar.bz2 from kernel.org. It is usually unpacked, configured and compiled under /usr/src. Since installing a new kernel requires root privileges, this is usually done as root.
The standard recommendation is to never compile the kernel as root. cheers, jerry ===================================================================== Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFAZJzIR7qMdg1EfYRAuhSAKCYurfH4UVuiBVPZBg5bVLt9q+nywCglRWF vEnpAsN1S4DWQflVvM6Jcqs= =okZq -----END PGP SIGNATURE-----
Current thread:
- Linux kernel source archive vulnerable Hadmut Danisch (Sep 07)
- Re: [Full-disclosure] Linux kernel source archive vulnerable Raj Mathur (Sep 07)
- Re: [Full-disclosure] Linux kernel source archive vulnerable Hadmut Danisch (Sep 07)
- Re: [Full-disclosure] Linux kernel source archive vulnerable Christine Kronberg (Sep 11)
- R: Linux kernel source archive vulnerable Perego Paolo Franco (Sep 11)
- Re: Linux kernel source archive vulnerable Gerald (Jerry) Carter (Sep 11)
- Re: [Full-disclosure] Linux kernel source archive vulnerable Raj Mathur (Sep 07)