| 1 |
On 09/11/2010 11:49 PM, Dale wrote: |
| 2 |
> Nikos Chantziaras wrote: |
| 3 |
>> On 09/11/2010 11:35 PM, Dale wrote: |
| 4 |
>>> Alan McKinnon wrote: |
| 5 |
>>>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010, |
| 6 |
>>>> Albert |
| 7 |
>>>> Hopkins did opine thusly: |
| 8 |
>>>> |
| 9 |
>>>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote: |
| 10 |
>>>>>> few months ago, I read linux kernel in a nutschell(sic), and the |
| 11 |
>>>>>> author |
| 12 |
>>>>>> wrote we shouldn't do kernel operations (config and build) as root. |
| 13 |
>>>>> I call bullsh*t. I've been compiling kernels for 17 years and for the |
| 14 |
>>>>> most part have done it as root without any problems. |
| 15 |
>>>> Same here. |
| 16 |
>>>> |
| 17 |
>>>> The root user (sometimes portage) creates /usr/src/linux-* |
| 18 |
>>>> |
| 19 |
>>>> Someone tell me again exactly how user alan is supposed to build those |
| 20 |
>>>> sources? |
| 21 |
>>>> |
| 22 |
>>> |
| 23 |
>>> If they are accessible by a user, couldn't a user then edit or add |
| 24 |
>>> something that would then cause a security problem? If they can edit |
| 25 |
>>> them and no one know it, then root comes along and builds a shiney new |
| 26 |
>>> kernel with a really nice security hole. |
| 27 |
>>> |
| 28 |
>>> Glad only root can get to the sources. ;-) |
| 29 |
>> |
| 30 |
>> No, any user can't edit them; only the user you assign the files to. |
| 31 |
>> If you assign them to root, only root can edit them. If you assign |
| 32 |
>> them to kerneluser, only kerneluser can edit them. |
| 33 |
>> |
| 34 |
>> This is Unix 101 :) |
| 35 |
>> |
| 36 |
>> |
| 37 |
> |
| 38 |
> My point was, if the sources are say in the user group, then any user |
| 39 |
> can edit them? Right now, they are in the root group and owned my root |
| 40 |
> which for security reasons is a good idea. That way a regular user can't |
| 41 |
> edit or modify the kernel sources. |
| 42 |
|
| 43 |
The group can only write if the files have the group write permission |
| 44 |
set. Still in Unix 101 domain, hehe :) |
Archives