[12360] in bugtraq
Re: Linux kernel source problem
daemon@ATHENA.MIT.EDU (Peter W)
Wed Oct 27 15:34:12 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.9910261446420.3646-100000@localhost>
Date: Tue, 26 Oct 1999 14:55:31 -0400
Reply-To: Peter W <peterw@USA.NET>
From: Peter W <peterw@USA.NET>
X-To: Alessandro Rubini <rubini@PROSA.IT>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19991025220621.34194@morgana.systemy.it>
Unfortunately, many documents suggest doing this work as root. See
http://www.redhat.com/mirrors/LDP/HOWTO/Kernel-HOWTO-3.html#ss3.2
Some re-education may be in order. :-(
-Peter
cc: Brian Ward, the Kernel-HOWTO maintainer
At 10:06pm Oct 25, 1999, Alessandro Rubini wrote:
> > There is a (mostly useful) feature in "tar" [...]
>
> > So you do this as root, needing write access to /usr/src.
>
> Sorry, it's a non-issue. Nobody sane should ever untar anything using
> root permissions. A tar file can include almost anything, including
> device nodes or an open /etc/passwd.
> In the specific Linux case, you don't need to extract sources in
> /usr/src (I have them all over the place, and they compile fine). Even
> if you want to do that in /usr/src, you'd better chown the directory
> to your personal account and avoid working as root.
