[12346] in bugtraq
Re: Linux kernel source problem
daemon@ATHENA.MIT.EDU (Alessandro Rubini)
Tue Oct 26 15:59:14 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991025220621.34194@morgana.systemy.it>
Date: Mon, 25 Oct 1999 22:06:21 +0200
Reply-To: Alessandro Rubini <rubini@PROSA.IT>
From: Alessandro Rubini <rubini@PROSA.IT>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
> There is a (mostly useful) feature in "tar" [...]
> So you do this as root, needing write access to /usr/src.
Sorry, it's a non-issue. Nobody sane should ever untar anything using
root permissions. A tar file can include almost anything, including
device nodes or an open /etc/passwd.
If you want to damage your own system, untar the appended sample tar
file as root (fortunately, GNU tar strips the leading "/" by default).
In the specific Linux case, you don't need to extract sources in
/usr/src (I have them all over the place, and they compile fine). Even
if you want to do that in /usr/src, you'd better chown the directory
to your personal account and avoid working as root.
/alessandro
begin 664 extractme.tar.gz
M'XL("-ZU%#@``W1R>2YT87(`[=1+"L(P$`;@K#W%W""3-_0V:@NZJ)6FZO5-
MXQ,7@F!JP?\+-$DW,^&'D<VPEJ(LLAR"(T$C?MFO%PK,3AFMM$EWS\X)<H7[
MR@YQ6/9$4Y2:(SGFOU_&>*J+U5#,WMHW^1OWR-_Y]",8RX*X6$=/_CS_ONN&
MJN*T\DE>OJOM3L;-XM?-07&R;HZSFO]!Y_GO+>;_%'+^;=.6K$$ZY1\^R3\X
G;029DDW=?"O__`Y%]QT``````````````````&!"9[4*DF``*```
`
end
