Ownership of kernel headers

Zack Winkles sativa93 at bellsouth.net
Sun Oct 13 16:00:55 PDT 2002


Matthias Benkmann wrote:

> On Sun, 13 Oct 2002 14:16:37 -0400 Zack Winkles
> <sativa93 at bellsouth.net> wrote:
> 
>> Zack Winkles wrote:
>> > When we unpack the kernel at the beginning of chapter 5 we neglect
>> > to change their ownership to root. In their current condition if a
>> > user just happened to get assigned the same UID as the kernel, then
>> > they would have free rein to modify the sources to their heart's
>> > content. Do we really want a user modifying our kernel sources
>> > without the permission of the administrator? I think not...
>> 
>> s/chapter 5/chapter 6/g
> 
> Oops. I should have noticed myself. You got a point here. This is not
> only an issue with the kernel but some other packages as well.
> However, changing ownership after untarring is not a good solution
> because there is enough time for an attacker to replace files before
> ownership is changed. As a security measure, we could chmod go-x /lfs.
> 
> MSB
> 

I guess I just wasn't clear on what I meant. I'm not referring at all to 
the entire system or any after-LFS stuff. I'm just saying that when we 
extract the kernel in chapter 6 it leaves an open door because after 
the installation the kernel source code is still owned by uid 537 (or 
something like that). This is not a bad thing by itself, but if the 
system were to have a user who gets assigned that UID then the next 
kernel compile may have some 'surprises' in store...

Hope this cleared up (somewhat) what I meant... of course, if I'm just 
on crack and imagining all this stuff tell me plz.

Bye
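
An added example, not part of the original message or of the LFS book: a shell sketch that audits an unpacked source tree for the leftover ownership discussed in this thread, and unpacks a tarball so that files belong to the extracting user from the moment they are created, which avoids the window before a later chown. The function names and the path in the comments are hypothetical; `--no-same-owner` is an existing GNU tar option.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print entries under DIR whose numeric owner or group has no entry in the
# passwd/group databases. This is the state the post describes: extracted
# sources keep a UID that a future account could be assigned.
list_orphan_owned() {
    find "$1" \( -nouser -o -nogroup \) -print
}

# Count entries under DIR that are not owned by WANT_UID (default 0, root).
# Assumes file names contain no newlines, since it counts output lines.
count_not_owned_by() {
    find "$1" ! -uid "${2:-0}" -print | wc -l | tr -d ' '
}

# Unpack TARBALL into DEST so that files are created with the extracting
# user's UID instead of restoring the UIDs recorded in the archive.
# --no-same-owner is already the default for non-root users; it changes
# behaviour when tar runs as root.
unpack_owned_by_caller() {
    mkdir -p "$2" && tar -xf "$1" -C "$2" --no-same-owner
}

# Typical use as root after unpacking (the path is a placeholder):
#   list_orphan_owned /path/to/kernel-source
#   [ "$(count_not_owned_by /path/to/kernel-source 0)" -eq 0 ] \
#       || echo "files not owned by root are present"
```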
