Linux Archive > Gentoo > Gentoo User

09-11-2010, 08:42 PM
Nikos Chantziaras

sudo in kernel config ?

On 09/11/2010 11:35 PM, Dale wrote:
> Alan McKinnon wrote:
>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
>> Albert Hopkins did opine thusly:
>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
>>>> few months ago, I read linux kernel in a nutschell(sic), and the author
>>>> wrote we shouldn't do kernel operations (config and build) as root.
>>>
>>> I call bullsh*t. I've been compiling kernels for 17 years and for the
>>> most part have done it as root without any problems.
>>
>> Same here.
>>
>> The root user (sometimes portage) creates /usr/src/linux-*
>>
>> Someone tell me again exactly how user alan is supposed to build those
>> sources?
>
> If they are accessible by a user, couldn't a user then edit or add
> something that would then cause a security problem? If they can edit
> them and no one knows it, then root comes along and builds a shiny new
> kernel with a really nice security hole.
>
> Glad only root can get to the sources. ;-)

No, any user can't edit them; only the user you assign the files to. If
you assign them to root, only root can edit them. If you assign them to
kerneluser, only kerneluser can edit them.

This is Unix 101
 
09-11-2010, 08:49 PM
Dale

Nikos Chantziaras wrote:
> On 09/11/2010 11:35 PM, Dale wrote:
>> Alan McKinnon wrote:
>>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
>>> Albert Hopkins did opine thusly:
>>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
>>>>> few months ago, I read linux kernel in a nutschell(sic), and the
>>>>> author wrote we shouldn't do kernel operations (config and build)
>>>>> as root.
>>>>
>>>> I call bullsh*t. I've been compiling kernels for 17 years and for the
>>>> most part have done it as root without any problems.
>>>
>>> Same here.
>>>
>>> The root user (sometimes portage) creates /usr/src/linux-*
>>>
>>> Someone tell me again exactly how user alan is supposed to build those
>>> sources?
>>
>> If they are accessible by a user, couldn't a user then edit or add
>> something that would then cause a security problem? If they can edit
>> them and no one knows it, then root comes along and builds a shiny new
>> kernel with a really nice security hole.
>>
>> Glad only root can get to the sources. ;-)
>
> No, any user can't edit them; only the user you assign the files to.
> If you assign them to root, only root can edit them. If you assign
> them to kerneluser, only kerneluser can edit them.
>
> This is Unix 101

My point was, if the sources are say in the user group, then any user
can edit them? Right now, they are in the root group and owned by root
which for security reasons is a good idea. That way a regular user
can't edit or modify the kernel sources.

Dale

:-) :-)
 
09-11-2010, 08:49 PM
Alan McKinnon

Apparently, though unproven, at 22:28 on Saturday 11 September 2010, Etaoin
Shrdlu did opine thusly:

> On Sat, 11 Sep 2010 15:35:58 -0500 Dale <rdalek1967@gmail.com> wrote:
> > If they are accessible by a user, couldn't a user then edit or add
> > something that would then cause a security problem? If they can edit
> > them and no one knows it, then root comes along and builds a shiny new
> > kernel with a really nice security hole.
>
> This was actually a potential risk once upon a time:
>
> http://attrition.org/security/advisory/gobbles/GOBBLES-16.txt

More like an actual risk all the time. Which is why:

# ls -al /usr/src/
total 2
drwxr-xr-x 3 root root 136 2010-09-01 11:41 .
drwxr-xr-x 17 root root 480 2010-08-23 01:44 ..
-rw-r--r-- 1 root root 0 2008-06-17 19:37 .keep
lrwxrwxrwx 1 root root 18 2010-09-01 11:30 linux -> linux-2.6.35-ck-r2
drwxr-xr-x 24 root root 1584 2010-09-01 02:12 linux-2.6.35-ck-r2



--
alan dot mckinnon at gmail dot com
 
09-11-2010, 08:51 PM
Alan McKinnon

Apparently, though unproven, at 22:34 on Saturday 11 September 2010, Nikos
Chantziaras did opine thusly:

> On 09/11/2010 11:18 PM, Alan McKinnon wrote:
> > Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
> > Albert
> >
> > Hopkins did opine thusly:
> >> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
> >>> few months ago, I read linux kernel in a nutschell(sic), and the author
> >>> wrote we shouldn't do kernel operations (config and build) as root.
> >>
> >> I call bullsh*t. I've been compiling kernels for 17 years and for the
> >> most part have done it as root without any problems.
> >
> > Same here.
> >
> > The root user (sometimes portage) creates /usr/src/linux-*
> >
> > Someone tell me again exactly how user alan is supposed to build those
> > sources?
>
> chown -R

I utterly fail to see the point of this prohibition against building as root.

Sure, it makes sense when I'm installing perl stuff for my users and last
command is sudo make install. But for everything else?



--
alan dot mckinnon at gmail dot com
 
09-11-2010, 09:01 PM
Nikos Chantziaras

On 09/11/2010 11:49 PM, Dale wrote:
> Nikos Chantziaras wrote:
>> On 09/11/2010 11:35 PM, Dale wrote:
>>> Alan McKinnon wrote:
>>>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
>>>> Albert Hopkins did opine thusly:
>>>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
>>>>>> few months ago, I read linux kernel in a nutschell(sic), and the
>>>>>> author wrote we shouldn't do kernel operations (config and build)
>>>>>> as root.
>>>>>
>>>>> I call bullsh*t. I've been compiling kernels for 17 years and for the
>>>>> most part have done it as root without any problems.
>>>>
>>>> Same here.
>>>>
>>>> The root user (sometimes portage) creates /usr/src/linux-*
>>>>
>>>> Someone tell me again exactly how user alan is supposed to build those
>>>> sources?
>>>
>>> If they are accessible by a user, couldn't a user then edit or add
>>> something that would then cause a security problem? If they can edit
>>> them and no one knows it, then root comes along and builds a shiny new
>>> kernel with a really nice security hole.
>>>
>>> Glad only root can get to the sources. ;-)
>>
>> No, any user can't edit them; only the user you assign the files to.
>> If you assign them to root, only root can edit them. If you assign
>> them to kerneluser, only kerneluser can edit them.
>>
>> This is Unix 101
>
> My point was, if the sources are say in the user group, then any user
> can edit them? Right now, they are in the root group and owned by root
> which for security reasons is a good idea. That way a regular user can't
> edit or modify the kernel sources.

The group can only write if the files have the group write permission
set. Still in Unix 101 domain, hehe
 
09-11-2010, 09:05 PM
Nikos Chantziaras

On 09/11/2010 11:51 PM, Alan McKinnon wrote:
> Apparently, though unproven, at 22:34 on Saturday 11 September 2010, Nikos
> Chantziaras did opine thusly:
>> On 09/11/2010 11:18 PM, Alan McKinnon wrote:
>>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
>>> Albert Hopkins did opine thusly:
>>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
>>>>> few months ago, I read linux kernel in a nutschell(sic), and the author
>>>>> wrote we shouldn't do kernel operations (config and build) as root.
>>>>
>>>> I call bullsh*t. I've been compiling kernels for 17 years and for the
>>>> most part have done it as root without any problems.
>>>
>>> Same here.
>>>
>>> The root user (sometimes portage) creates /usr/src/linux-*
>>>
>>> Someone tell me again exactly how user alan is supposed to build those
>>> sources?
>>
>> chown -R
>
> I utterly fail to see the point of this prohibition against building as root.
>
> Sure, it makes sense when I'm installing perl stuff for my users and last
> command is sudo make install. But for everything else?

Well, running GCC and Make as root raises the same concerns as running
any other program as root.

In the case of Gentoo, this isn't too important though, since in Gentoo,
you don't build your software in your home dir and then "sudo make
install", but portage will run GCC as root anyway.

With other distros, you never run GCC/Make/etc as root. In Gentoo you
do, so there's no point in reading too much into this.
 
09-11-2010, 09:30 PM
Alan McKinnon

Apparently, though unproven, at 23:01 on Saturday 11 September 2010, Nikos
Chantziaras did opine thusly:

> On 09/11/2010 11:49 PM, Dale wrote:
> > Nikos Chantziaras wrote:
> >> On 09/11/2010 11:35 PM, Dale wrote:
> >>> Alan McKinnon wrote:
> >>>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
> >>>> Albert
> >>>>
> >>>> Hopkins did opine thusly:
> >>>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
> >>>>>> few months ago, I read linux kernel in a nutschell(sic), and the
> >>>>>> author
> >>>>>> wrote we shouldn't do kernel operations (config and build) as root.
> >>>>>
> >>>>> I call bullsh*t. I've been compiling kernels for 17 years and for the
> >>>>> most part have done it as root without any problems.
> >>>>
> >>>> Same here.
> >>>>
> >>>> The root user (sometimes portage) creates /usr/src/linux-*
> >>>>
> >>>> Someone tell me again exactly how user alan is supposed to build those
> >>>> sources?
> >>>
> >>> If they are accessible by a user, couldn't a user then edit or add
> >>> something that would then cause a security problem? If they can edit
> >>> them and no one knows it, then root comes along and builds a shiny new
> >>> kernel with a really nice security hole.
> >>>
> >>> Glad only root can get to the sources. ;-)
> >>
> >> No, any user can't edit them; only the user you assign the files to.
> >> If you assign them to root, only root can edit them. If you assign
> >> them to kerneluser, only kerneluser can edit them.
> >>
> >> This is Unix 101
> >
> > My point was, if the sources are say in the user group, then any user
> > can edit them? Right now, they are in the root group and owned by root
> > which for security reasons is a good idea. That way a regular user can't
> > edit or modify the kernel sources.
>
> The group can only write if the files have the group write permission
> set. Still in Unix 101 domain, hehe

And you need write permission on the containing directory to create new files
or delete existing ones. Nothing to do with the permissions on the file
itself.

With this, I have moved us on to Unix 101a :-)



--
alan dot mckinnon at gmail dot com
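
The ownership, group-write and directory-write points made in the replies above can be checked mechanically before root builds from a source tree. The script below is an added example, not part of the original thread: `audit_src_tree`, `make_sample_tree` and the sample tree are hypothetical names and constructed data, and the current user stands in for root so it runs unprivileged.

```shell
#!/bin/sh
# Added example: audit a kernel source tree before root builds from it.
# OWNER defaults to root; the sample tree further down is constructed.

# audit_src_tree DIR [OWNER]
# Prints one finding per line and returns 1 if anyone other than OWNER could
# alter what gets built; prints nothing and returns 0 otherwise.
audit_src_tree() {
    dir=$1
    owner=${2:-root}
    out=$(
        # Files or directories handed to another account (the "chown -R" case).
        find -H "$dir" ! -type l ! -user "$owner" | sed 's/^/foreign-owner /'
        # Group/world write bit on a file: its contents can be edited.
        find -H "$dir" -type f \( -perm -020 -o -perm -002 \) | sed 's/^/writable-file /'
        # Group/world write bit on a directory: entries can be created,
        # deleted or replaced there, whatever the mode of the files themselves.
        find -H "$dir" -type d \( -perm -020 -o -perm -002 \) | sed 's/^/writable-dir /'
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed stand-in for /usr/src/linux-*, with modes set explicitly so the
# result does not depend on the caller's umask. Prints the tree's path.
make_sample_tree() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/linux/kernel" "$tmp/linux/drivers"
    echo 'obj-y += sched.o' > "$tmp/linux/kernel/Makefile"
    echo 'obj-y += net.o' > "$tmp/linux/drivers/Makefile"
    chmod -R u=rwX,go=rX "$tmp/linux"
    echo "$tmp/linux"
}

# Demo: the current user plays the trusted owner, so no root is needed.
demo_tree=$(make_sample_tree)
demo_owner=$(id -u)
audit_src_tree "$demo_tree" "$demo_owner" && echo "clean: $demo_tree"
chmod g+w "$demo_tree/kernel/Makefile"   # group write bit on one file
chmod g+w "$demo_tree/drivers"           # writable directory, files still 644
audit_src_tree "$demo_tree" "$demo_owner" || echo "fix the paths above before building"
rm -rf "${demo_tree%/linux}"
```

On a real system the call would be `audit_src_tree /usr/src/linux`, with the default owner of root.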
 
09-11-2010, 09:47 PM
Dale

Nikos Chantziaras wrote:
> On 09/11/2010 11:49 PM, Dale wrote:
>> Nikos Chantziaras wrote:
>>> On 09/11/2010 11:35 PM, Dale wrote:
>>>> Alan McKinnon wrote:
>>>>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
>>>>> Albert Hopkins did opine thusly:
>>>>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
>>>>>>> few months ago, I read linux kernel in a nutschell(sic), and the
>>>>>>> author wrote we shouldn't do kernel operations (config and build)
>>>>>>> as root.
>>>>>>
>>>>>> I call bullsh*t. I've been compiling kernels for 17 years and for
>>>>>> the most part have done it as root without any problems.
>>>>>
>>>>> Same here.
>>>>>
>>>>> The root user (sometimes portage) creates /usr/src/linux-*
>>>>>
>>>>> Someone tell me again exactly how user alan is supposed to build
>>>>> those sources?
>>>>
>>>> If they are accessible by a user, couldn't a user then edit or add
>>>> something that would then cause a security problem? If they can edit
>>>> them and no one knows it, then root comes along and builds a shiny new
>>>> kernel with a really nice security hole.
>>>>
>>>> Glad only root can get to the sources. ;-)
>>>
>>> No, any user can't edit them; only the user you assign the files to.
>>> If you assign them to root, only root can edit them. If you assign
>>> them to kerneluser, only kerneluser can edit them.
>>>
>>> This is Unix 101
>>
>> My point was, if the sources are say in the user group, then any user
>> can edit them? Right now, they are in the root group and owned by root
>> which for security reasons is a good idea. That way a regular user can't
>> edit or modify the kernel sources.
>
> The group can only write if the files have the group write permission
> set. Still in Unix 101 domain, hehe

I know that. Why would a person want anyone BUT root to be able to
access and change the kernel sources? Let's see if asking it this way
makes more sense. lol

Dale

:-) :-)
 
09-11-2010, 10:03 PM
Etaoin Shrdlu

On Sat, 11 Sep 2010 23:05:22 +0100
Peter Humphrey <peter@humphrey.ukfsn.org> wrote:

> On Saturday 11 September 2010 21:28:13 Etaoin Shrdlu wrote:
>
> > This was actually a potential risk once upon a time:
>
> Sorry to drift from the topic, but would somebody please explain to me
> what a potential risk is? How does it differ from a risk?
>
> (Not getting at you, Etaoin; the world is just full of woolly thinking
> that threatens to submerge us all. Or not thinking, in most cases.)

I suppose that a risk is potential because it's possible that it's, um
"risky" only under certain circumstances.

If those circumstances are not true for you, there is no risk; if they are
true, there is a risk.

Once you know that there is a risk (thus it's no longer potential, but
it's actual), it still takes somebody or something to exploit it to actually
have a problem.

Makes sense?
 
09-11-2010, 10:05 PM
Peter Humphrey

On Saturday 11 September 2010 21:28:13 Etaoin Shrdlu wrote:

> This was actually a potential risk once upon a time:

Sorry to drift from the topic, but would somebody please explain to me
what a potential risk is? How does it differ from a risk?

(Not getting at you, Etaoin; the world is just full of woolly thinking
that threatens to submerge us all. Or not thinking, in most cases.)

--
Rgds
Peter. Linux Counter 5290, 1994-04-23.
 

All times are GMT.