From: daw@cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: R: Linux kernel source archive vulnerable
Date: Tue, 12 Sep 2006 19:42:07 +0000 (UTC) [thread overview]
Message-ID: <ee72if$sng$1@taverner.cs.berkeley.edu> (raw)
In-Reply-To: 8E63F0FB-DDD3-41D4-AFA7-88E66D0E9C8D@mac.com
Kyle Moffett wrote:
>Please see these threads and quit bringing up this topic like crazy:
>http://marc.theaimsgroup.com/?l=linux-kernel&m=113304241100330&w=2
>http://marc.theaimsgroup.com/?l=linux-kernel&m=114635639325551&w=2
I've read those threads in detail. Those threads give no justification
whatsoever about why the files are stored in tar with world-writeable
permissions. The posts to those threads just blame the victim, blame
the maintainers of tar, and point fingers at everyone else. I cannot
see any good reason why the files in tar need to have world-writeable
permissions. It seems to me like a simple and reasonable request to make
them non-world-writeable. It can't hurt, and it might help a few users.
I cannot fathom why there is such resistance to such a simple request.
Just because it is a bug in tar doesn't mean that Linux developers have
to create their tarfile in a way that tickles the bug. Two wrongs don't
make a right.
Just because it doesn't affect you doesn't mean that it isn't an issue.
You're not the only person in the world.
next prev parent reply other threads:[~2006-09-12 19:42 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20060907182304.GA10686@danisch.de>
[not found] ` <D432C2F98B6D1B4BAE47F2770FEFD6B612B8B7@to1mbxs02.replynet.prv>
2006-09-11 18:29 ` R: Linux kernel source archive vulnerable Jon Lewis
2006-09-12 5:06 ` Kyle Moffett
2006-09-12 5:27 ` Willy Tarreau
2006-09-12 19:42 ` David Wagner [this message]
2006-09-12 20:35 ` R: " linux-os (Dick Johnson)
2006-09-12 21:35 ` David Wagner
2006-09-12 22:56 ` Rene Scharfe
2006-09-13 1:17 ` David Wagner
2006-09-13 4:33 ` Willy Tarreau
2006-09-13 5:34 ` David Wagner
2006-09-13 6:17 ` Kyle Moffett
2006-09-13 6:26 ` David Wagner
2006-09-13 6:49 ` Kyle Moffett
2006-09-13 6:59 ` David Wagner
2006-09-13 8:12 ` Kyle Moffett
2006-09-14 22:38 ` David Wagner
2006-09-15 7:28 ` Stefan Richter
2006-09-13 10:45 ` Martin Mares
2006-09-13 11:13 ` Jan Engelhardt
2006-09-13 6:26 ` Jan Engelhardt
2006-09-13 19:49 ` Willy Tarreau
2006-09-13 8:51 ` Stefan Richter
2006-09-14 23:04 ` Bill Davidsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='ee72if$sng$1@taverner.cs.berkeley.edu' \
--to=daw@cs.berkeley.edu \
--cc=daw-usenet@taverner.cs.berkeley.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.