1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA256 |
3 |
|
4 |
On 07/04/2012 08:56 PM, William Hubbs wrote: |
5 |
> On Wed, Jul 04, 2012 at 02:20:36PM -0400, Rick "Zero_Chaos" Farina |
6 |
> wrote: |
7 |
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 |
8 |
>> |
9 |
>> On 07/04/2012 01:58 PM, Michał Górny wrote: |
10 |
|
11 |
>> We could allow writes in the directories but not to the kernel |
12 |
>> source files themselves... that seems moderately sane even as the |
13 |
>> source files don't need to be written to be compiled, only the |
14 |
>> dir's need write permissions... |
15 |
> |
16 |
> Actually the directories do not need write permissions either. Take |
17 |
> a look at the O= option documented in /usr/src/linux/README. |
18 |
> |
19 |
> William |
20 |
> |
21 |
|
22 |
Um, well, users can then write the the compiled files (.o in the tree). |
23 |
You can also set `chmod -R g+w /` and gave everyone full access. |
24 |
|
25 |
I think running kernels from non-root checkouts is a pretty big |
26 |
security hole. |
27 |
|
28 |
Michael |
29 |
|
30 |
- -- |
31 |
Gentoo Dev |
32 |
http://xmw.de/ |
33 |
|
34 |
|
35 |
-----BEGIN PGP SIGNATURE----- |
36 |
Version: GnuPG v2.0.19 (GNU/Linux) |
37 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
38 |
|
39 |
iF4EAREIAAYFAk/0lFQACgkQknrdDGLu8JD3AwD8CWdFJemXSh4O4xS94AXfo1Bw |
40 |
6XwIhGspPvP/EGI/+7cBAI486fBSopMQxB/IaFyDnwVxriLZxOan5SrqMJXWa8b5 |
41 |
=+ocR |
42 |
-----END PGP SIGNATURE----- |