| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA256 |
| 3 |
|
| 4 |
On 07/04/2012 08:56 PM, William Hubbs wrote: |
| 5 |
> On Wed, Jul 04, 2012 at 02:20:36PM -0400, Rick "Zero_Chaos" Farina |
| 6 |
> wrote: |
| 7 |
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 |
| 8 |
>> |
| 9 |
>> On 07/04/2012 01:58 PM, Michał Górny wrote: |
| 10 |
|
| 11 |
>> We could allow writes in the directories but not to the kernel |
| 12 |
>> source files themselves... that seems moderately sane even as the |
| 13 |
>> source files don't need to be written to be compiled, only the |
| 14 |
>> dir's need write permissions... |
| 15 |
> |
| 16 |
> Actually the directories do not need write permissions either. Take |
| 17 |
> a look at the O= option documented in /usr/src/linux/README. |
| 18 |
> |
| 19 |
> William |
| 20 |
> |
| 21 |
|
| 22 |
Um, well, users can then write the the compiled files (.o in the tree). |
| 23 |
You can also set `chmod -R g+w /` and gave everyone full access. |
| 24 |
|
| 25 |
I think running kernels from non-root checkouts is a pretty big |
| 26 |
security hole. |
| 27 |
|
| 28 |
Michael |
| 29 |
|
| 30 |
- -- |
| 31 |
Gentoo Dev |
| 32 |
http://xmw.de/ |
| 33 |
|
| 34 |
|
| 35 |
-----BEGIN PGP SIGNATURE----- |
| 36 |
Version: GnuPG v2.0.19 (GNU/Linux) |
| 37 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
| 38 |
|
| 39 |
iF4EAREIAAYFAk/0lFQACgkQknrdDGLu8JD3AwD8CWdFJemXSh4O4xS94AXfo1Bw |
| 40 |
6XwIhGspPvP/EGI/+7cBAI486fBSopMQxB/IaFyDnwVxriLZxOan5SrqMJXWa8b5 |
| 41 |
=+ocR |
| 42 |
-----END PGP SIGNATURE----- |
Archives