Ownership of kernel headers
sativa93 at bellsouth.net
Sun Oct 13 16:00:55 PDT 2002
Matthias Benkmann wrote:
> On Sun, 13 Oct 2002 14:16:37 -0400 Zack Winkles
> <sativa93 at bellsouth.net> wrote:
>> Zack Winkles wrote:
>> > When we unpack the kernel at the beginning of chapter 5 we neglect
>> > to change their ownership to root. In their current condition if a
>> > user just happened to get assigned the same UID as the kernel, then
>> > they would have free rein to modify the sources to their heart's
>> > content. Do we really want a user modifying our kernel sources
>> > without the permission of the administrator? I think not...
>> s/chapter 5/chapter 6/g
> Oops. I should have noticed myself. You got a point here. This is not
> only an issue with the kernel but some other packages as well.
> However, changing ownership after untarring is not a good solution
> because there is enough time for an attacker to replace files before
> ownership is changed. As a security measure, we could chmod go-x /lfs.
I guess I just wasn't clear on what I meant. I'm not referring at all to
the entire system or any after-LFS stuff. I'm just saying that when we
extract the kernel in chapter 6 it leaves an open door because after
the installation the kernel source code is still owned by uid 537 (or
something like that). This is not a bad thing by itself, but if the
system were to have a user who gets assigned that UID then the next
kernel compile may have some 'surprises' in store...
Hope this cleared up (somewhat) what I meant... of course, if I'm just
on crack and imagining all this stuff tell me plz.
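
The ownership check this thread is about, as an added example that is not part of the original message or of the LFS book: it lists entries in an unpacked source tree that are not owned by the expected UID, plus entries whose UID or GID has no account at all. The function names and the sample path `/usr/src/linux` are assumptions; `-uid`, `-nouser` and `-nogroup` are GNU/BSD `find` tests.

```shell
#!/bin/sh
# Added example (not from the original thread).
# GNU tar run as root restores the UID/GID stored in the archive, which is
# how an unpacked tree ends up owned by a UID such as the 537 mentioned above.
# Extracting with tar's --no-same-owner gives the files to the invoking user
# from the start, so there is no window between unpacking and a later chown.

# list_foreign_owned DIR [UID]
# Print every path under DIR whose owner is not UID (default 0, i.e. root).
list_foreign_owned() {
    dir=$1
    want_uid=${2:-0}
    # -xdev keeps the walk on one filesystem; "! -uid" matches any other owner.
    find "$dir" -xdev ! -uid "$want_uid" -print
}

# list_orphaned DIR
# Print paths whose numeric UID or GID has no passwd/group entry. These are
# the ones a newly created account with that number would silently inherit.
list_orphaned() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print
}

# count_foreign_owned DIR [UID]
# Number of entries not owned by UID; 0 means the tree is clean.
count_foreign_owned() {
    list_foreign_owned "$@" | wc -l | tr -d ' '
}

# Typical use (path is an assumed example location):
#   count_foreign_owned /usr/src/linux      # expect 0 on a clean system
#   list_orphaned /usr/src/linux            # expect no output
```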