2006-09-11 18:30:10

by Jon Lewis

Subject: Re: R: Linux kernel source archive vulnerable

On Fri, 8 Sep 2006, Perego Paolo Franco wrote:

> Anyway just few considerations:
> 2) a good sysadmin is aware that /usr/src is NOT supposed to be world
> writable

Ownership/permissions on /usr/src are irrelevant. For some reason (bug in
how they're being checked out of git, I assume), the latest kernel source
tar files have all files and directories world writable. This is not how
it's been in the past and is not how it should be.

The change happened between 2.6.13.3 and 2.6.13.4.

$ tar -tvjf /var/ftp/pub/Linux/ftp.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.3.tar.bz2 | less
tar: Record size = 8 blocks
drwxr-xr-x git/git 0 2005-10-03 19:27:35 linux-2.6.13.3/
-rw-r--r-- git/git 18691 2005-10-03 19:27:35 linux-2.6.13.3/COPYING
-rw-r--r-- git/git 89317 2005-10-03 19:27:35 linux-2.6.13.3/CREDITS
drwxr-xr-x git/git 0 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/
-rw-r--r-- git/git 10244 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/00-INDEX
-rw-r--r-- git/git 3699 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/BUG-HUNTING
-rw-r--r-- git/git 13072 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/Changes
-rw-r--r-- git/git 15351 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/CodingStyle
-rw-r--r-- git/git 20407 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/DMA-API.txt
-rw-r--r-- git/git 31996 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/DMA-mapping.txt
drwxr-xr-x git/git 0 2005-10-03 19:27:35 linux-2.6.13.3/Documentation/DocBook/

$ tar -tvjf /var/ftp/pub/Linux/ftp.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.4.tar.bz2 | less
tar: Record size = 8 blocks
drwxr-xr-x git/git 0 2005-10-10 14:54:29 linux-2.6.13.4/
-rw-rw-rw- git/git 18691 2005-10-10 14:54:29 linux-2.6.13.4/COPYING
-rw-rw-rw- git/git 89317 2005-10-10 14:54:29 linux-2.6.13.4/CREDITS
drwxrwxrwx git/git 0 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/
-rw-rw-rw- git/git 10244 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/00-INDEX
-rw-rw-rw- git/git 3699 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/BUG-HUNTING
-rw-rw-rw- git/git 13072 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/Changes
-rw-rw-rw- git/git 15351 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/CodingStyle
-rw-rw-rw- git/git 20407 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/DMA-API.txt
-rw-rw-rw- git/git 31996 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/DMA-mapping.txt
drwxrwxrwx git/git 0 2005-10-10 14:54:29 linux-2.6.13.4/Documentation/DocBook/

In the very latest, even the source tree's root is 777.

$ tar -tvjf /var/ftp/pub/Linux/ftp.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.13.tar.bz2 | less
tar: Record size = 8 blocks
drwxrwxrwx git/git 0 2006-09-08 23:23:25 linux-2.6.17.13/
-rw-rw-rw- git/git 462 2006-09-08 23:23:25 linux-2.6.17.13/.gitignore
-rw-rw-rw- git/git 18693 2006-09-08 23:23:25 linux-2.6.17.13/COPYING
-rw-rw-rw- git/git 89536 2006-09-08 23:23:25 linux-2.6.17.13/CREDITS
drwxrwxrwx git/git 0 2006-09-08 23:23:25 linux-2.6.17.13/Documentation/
-rw-rw-rw- git/git 10581 2006-09-08 23:23:25 linux-2.6.17.13/Documentation/00-INDEX
-rw-rw-rw- git/git 7249 2006-09-08 23:23:25 linux-2.6.17.13/Documentation/BUG-HUNTING
-rw-rw-rw- git/git 11655 2006-09-08 23:23:25 linux-2.6.17.13/Documentation/Changes

----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


2006-09-12 05:06:49

by Kyle Moffett

Subject: Re: R: Linux kernel source archive vulnerable

On Sep 11, 2006, at 14:29:58, Jon Lewis wrote:
> On Fri, 8 Sep 2006, Perego Paolo Franco wrote:
>
>> Anyway just few considerations:
>> 2) a good sysadmin is aware that /usr/src is NOT supposed to be
>> world writable
>
> For some reason (bug in how they're being checked out of git, I
> assume), the latest kernel source tar files have all files and
> directories world writable. This is not how it's been in the past
> and is not how it should be.

-ENOBUG

Please see these threads and quit bringing up this topic like crazy:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113304241100330&w=2
http://marc.theaimsgroup.com/?l=linux-kernel&m=114635639325551&w=2

To quote:
> Going over old ground again, any administrator a) compiling the
> kernel as root or b) relying on GNU tar to make
> _security_policy_decisions_ is completely insane.
>
> The only "trick" here is tar's decision not to apply umask, or root
> uid/gid, to files in a tar when extracted as root. This might make
> sense for tars that you created and want to extract again (say
> restoring a backup), but it certainly NEVER makes sense for files
> downloaded off the Internet.

So if you must cause a senseless hubbub on securityfocus.com, please
don't spill it over onto LKML. This sort of thing is at _worst_ a
bug in GNU tar that its behavior is different when root. I run a
linux system with SELinux where user 0 is no different than any other
user and has no special permissions at all, and this kind of
stupidity bites me a lot. My user 0 is "kyle"; when I want to chown
files I switch to the "sysadm" role, or if I absolutely need to
override security policy for some reason I jump through hoops to get
to the "root" role. In neither of those cases do I care what UID I am.

So either deal with insecure permissions when you can't be bothered to use
GNU tar securely (easy), don't compile your kernel as root (easier)
or fix GNU tar not to assume UID 0 is God in the first place.

Cheers,
Kyle Moffett

2006-09-12 05:34:33

by Willy Tarreau

Subject: Re: Linux kernel source archive vulnerable

On Tue, Sep 12, 2006 at 01:06:37AM -0400, Kyle Moffett wrote:
> On Sep 11, 2006, at 14:29:58, Jon Lewis wrote:
> >On Fri, 8 Sep 2006, Perego Paolo Franco wrote:
> >
> >>Anyway just few considerations:
> >>2) a good sysadmin is aware that /usr/src is NOT supposed to be
> >>world writable
> >
> >For some reason (bug in how they're being checked out of git, I
> >assume), the latest kernel source tar files have all files and
> >directories world writable. This is not how it's been in the past
> >and is not how it should be.
>
> -ENOBUG
>
> Please see these threads and quit bringing up this topic like crazy:
> http://marc.theaimsgroup.com/?l=linux-kernel&m=113304241100330&w=2
> http://marc.theaimsgroup.com/?l=linux-kernel&m=114635639325551&w=2

BTW, since git 1.4.2, it's possible to specify "umask=022" in the [tar]
section of the repo config to bring back the old behaviour. Maybe it
would be a good idea to use it on Linus' side to make everyone happy?

Regards,
Willy
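
A check for the condition discussed in this thread, added here as an example (not code from any poster, nor from the kernel or git projects): it lists archive members whose stored mode is world-writable, as in Jon Lewis's listings, and shows the modes left after masking with 022, the value Willy Tarreau mentions. The archive is a constructed in-memory sample; the `linux-x` names and the function names are hypothetical.

```python
import io
import stat
import tarfile


def build_sample_tar(dir_mode, file_mode):
    """Constructed sample: a tiny in-memory tar shaped like the listings above."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, is_dir in (("linux-x", True), ("linux-x/COPYING", False),
                             ("linux-x/Documentation", True)):
            info = tarfile.TarInfo(name)
            info.type = tarfile.DIRTYPE if is_dir else tarfile.REGTYPE
            info.mode = dir_mode if is_dir else file_mode
            info.uname = info.gname = "git"
            data = b"" if is_dir else b"sample\n"
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def world_writable_members(tar_bytes):
    """Return [(name, mode_string)] for members whose stored mode has o+w set."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        for m in tf:
            if m.mode & stat.S_IWOTH:
                kind = stat.S_IFDIR if m.isdir() else stat.S_IFREG
                hits.append((m.name, stat.filemode(kind | m.mode)))
    return hits


def modes_after_umask(tar_bytes, umask=0o022):
    """Return {name: octal mode} after clearing the bits in `umask`
    (a model of masking the stored modes, not a call into git or tar)."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        return {m.name: oct(m.mode & ~umask & 0o7777) for m in tf}


if __name__ == "__main__":
    old_style = build_sample_tar(0o755, 0o644)  # modes as in the 2.6.13.3 listing
    new_style = build_sample_tar(0o777, 0o666)  # modes as in the 2.6.17.13 listing
    print("old:", world_writable_members(old_style))
    for name, mode in world_writable_members(new_style):
        print("new:", mode, name)
    print("masked:", modes_after_umask(new_style))
```
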