chapter 6, installing kernel headers

Wouter Van Hemel wouter at pair.com
Fri Jan 17 15:15:16 PST 2003


On Fri, 17 Jan 2003, Richard Lightman wrote:

> Better still, do not ever extract tar archives as root:
>
> [...]
>
> That could just as easily install a static ps or ls that installs a
> root kit.
>

As long as you don't put '.' in root's path, there's no chance of ever
executing something malicious.

Root unpacking 'static' names in public directories such as /tmp and
/var/tmp like you did, is way more dangerous though. Think about symlink
attacks such as overwriting other files or using named pipes. Not too
important for a home *nix user, but if you are an adminstrator as
profession, you better learn never, ever to use /tmp as root.

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-dev' in the subject header of the message



More information about the lfs-dev mailing list