Kyle Moffett wrote:
> No, git-tar-tree is storing the desired permissions (0666 and 0777)
> in the tar archive. This is not a bug, those are actually the
> permissions we want in the tar archive.
Those may be the permissions *you* want, but they're not the permissions
I suspect many users would prefer. Take a look at any open-source
project that ships tar archives of their source code. Do they ship
tarballs of their source code where all the files have 0666 permissions?
Not in my experience. That should tell you something.
Telling me that this is "by design" is not a very persuasive response
when my claim is that the design is poorly chosen.
> No, it is user-friendly. This is like distributing programs who use
> open(..., 0666) when opening globally-readable files.
It's not the same. There's a reason that most other open-source
projects are careful not to distribute 0666 files in their tar archives.
> o Do *not* extract kernel trees as root
I don't see anything unreasonable about extracting tarballs from a
trusted source as root (unless, of course, the folks who put together
the tarballs are malicious or careless or can't be trusted).
I don't see any good justification for this other than that the
maintainers of git-tar-tree can't be bothered to store more reasonable
permissions in the tar archive. It smells like a workaround that is
designed to make the lives of the git-tar-tree programmers easier --
but at the cost of making users' lives a little harder. That's what I
meant when I said that this decision doesn't seem very user-friendly.
On Sep 13, 2006, at 02:59:31, David Wagner wrote:
> Kyle Moffett wrote:
>> No, git-tar-tree is storing the desired permissions (0666 and
>> 0777) in the tar archive. This is not a bug, those are actually
>> the permissions we want in the tar archive.
>
> Those may be the permissions *you* want, but they're not the
> permissions I suspect many users would prefer.
How do you decide what users would prefer? I seem to recall the UNIX
way to do that is umask, which works perfectly with tar as a normal
user and kernel tarballs. I fail to see how you get world-writable
files from a kernel tree unless your umask is 0000 or you're using
tar in backup mode, which is senseless on a tar file not built to
restore as a backup. For that matter, how do you determine which
user it should extract as? UID 0? Linus' UID? My UID? What
happens when I extract files on my SELinux system under the sysadm
role as UID 500? Should they get UID 0 because I have chown
permissions and the author of the tar archive was tarring as root?
Relying on GNU tar and/or the permissions embedded in a tar file you
downloaded from the internet to enforce your security policy is going
to lead to a world of pain.
Besides, even Linus said:
> I would suggest that people who compile new kernels should:
> [...]
> - compile the kernel in their own home directory, as their very own
> selves. No need to be root to compile the kernel. You need to be
> root to _install_ the kernel, but that's different.
> Take a look at any open-source project that ships tar archives of
> their source code. Do they ship tarballs of their source code
> where all the files have 0666 permissions?
Actually, if you start browsing random software tarballs you'll find
that 1 in 5 or so has world-write permissions on at _minimum_ the
root directory, more often the whole source tree.
I ran:
> for i in *.tar.gz; do tar -tvzf $i | head -n 1; done | less
on my directory of source tarballs and just going alphabetically down
the list here's a list I found with drwxrwxrwx for the root directory
of the archive:
OpenSP-1.5.1.tar.gz
bison-2.1.tar.gz
cyrus-sasl-2.1.21.tar.gz
findutils-4.2.20.tar.gz
gawk-3.1.4.tar.gz
gd-2.0.33.tar.gz
glib-1.2.10.tar.gz
gmp-4.2.1.tar.gz
guile-1.4.tar.gz
gzip-1.2.4a.tar.gz
libtool-1.5.22.tar.gz
links-0.99.tar.gz
mpfr-2.2.0.tar.gz
openMotif-2.2.3.tar.gz
If this is really a "security issue" as you claim and not an admin-caused
PEBKAC problem then a lot more software than the kernel is at
risk. At least with the kernel we can expect people to have some
idea what they're doing, with some of the software above there are
README files that say "BEGINNER TUTORIAL" and go over the basics of
configure scripts.
So is this really about security or about _you_ being too lazy to
pass the appropriate option to tar when unpacking a software tarball
as root?
Cheers,
Kyle Moffett
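The two positions in this thread (umask makes the stored 0666/0777 modes harmless for a normal user; a root extraction with GNU tar's default -p writes them verbatim) can be checked directly. The script below is an added example, not code from either poster or from git: it constructs a small tarball with the modes git-tar-tree stores, lists the world-writable entries the same way scanning `tar -tvf` output would, and computes the on-disk mode each entry would get under either extraction case. The umask rule it applies (unprivileged extraction masks the stored mode; root's GNU tar defaults to --same-permissions) is GNU tar's documented behaviour, and the file names and modes are made up for the demonstration.

```python
import io
import stat
import tarfile


def build_sample_tarball() -> bytes:
    """Constructed sample, not a real kernel tarball: a tree stored the way
    git-tar-tree writes it, with 0777 directories and 0666 files."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, data in (("proj-1.0", 0o777, None),
                                 ("proj-1.0/Makefile", 0o666, b"all:\n"),
                                 ("proj-1.0/README", 0o644, b"hello\n")):
            info = tarfile.TarInfo(name)
            info.mode = mode
            if data is None:
                info.type = tarfile.DIRTYPE
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def world_writable_entries(tar_bytes: bytes) -> list:
    """Names of entries whose stored mode has the other-write bit set;
    equivalent to looking for a 'w' in column 9 of `tar -tvf` output."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        return [m.name for m in tar.getmembers() if m.mode & stat.S_IWOTH]


def effective_mode(stored: int, umask: int, same_permissions: bool) -> int:
    """Mode an entry ends up with on disk. Unprivileged extraction (or
    --no-same-permissions) masks the stored mode with the umask; root's
    GNU tar default of --same-permissions (-p) writes it verbatim."""
    if same_permissions:
        return stored & 0o7777
    return stored & ~umask & 0o7777


def extraction_report(tar_bytes: bytes, umask: int, same_permissions: bool) -> dict:
    """Map each entry name to the mode it would have after extraction."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        return {m.name: effective_mode(m.mode, umask, same_permissions)
                for m in tar.getmembers()}


if __name__ == "__main__":
    blob = build_sample_tarball()
    print("world-writable entries:", world_writable_entries(blob))
    for label, root in (("normal user, umask 022", False), ("root (-p default)", True)):
        modes = {k: oct(v) for k, v in extraction_report(blob, 0o022, root).items()}
        print(f"{label}: {modes}")
```

Run against a downloaded tarball instead of the constructed one by replacing `build_sample_tarball()` with the file's bytes; a non-empty world-writable list is the cue to extract as an unprivileged user or pass --no-same-permissions.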