Kernelsources writeable for everyone?!

Kernelsources writeable for everyone?!

[Daniel]

Hi,
may be this was reported/asked 999999999 times, but here ist the 1000000000th:

I have downloaded linux-2.6.17.1 10 min ago and I noticed that every file is 
writeable by everyone. What's going on there?

coffee src # tar -jtvf linux-2.6.17.1.tar.bz2
drwxrwxrwx git/git           0 2006-06-20 11:31:55 linux-2.6.17.1/
-rw-rw-rw- git/git         462 2006-06-20 11:31:55 linux-2.6.17.1/.gitignore
-rw-rw-rw- git/git       18693 2006-06-20 11:31:55 linux-2.6.17.1/COPYING
-rw-rw-rw- git/git       89536 2006-06-20 11:31:55 linux-2.6.17.1/CREDITS
drwxrwxrwx git/git           0 2006-06-20 11:31:55 
linux-2.6.17.1/Documentation/
-rw-rw-rw- git/git       10581 2006-06-20 11:31:55 
linux-2.6.17.1/Documentation/00-INDEX
[...]


regards
Daniel Buschke

Re: Kernelsources writeable for everyone?!

[Avuton Olrich]

On 6/24/06, Daniel <damage@rooties.de> wrote:
> Hi,
> may be this was reported/asked 999999999 times, but here ist the 1000000000th:
>
> I have downloaded linux-2.6.17.1 10 min ago and I noticed that every file is
> writeable by everyone. What's going on there?

http://marc.theaimsgroup.com/?l=linux-kernel&m=114635639325551&w=2
-- 
avuton
--
 Anyone who quotes me in their sig is an idiot. -- Rusty Russell.

Re: Kernelsources writeable for everyone?!

[Rene Scharfe]

Daniel schrieb:
> Hi,
> may be this was reported/asked 999999999 times, but here ist the 1000000000th:

You're close. :-P

> I have downloaded linux-2.6.17.1 10 min ago and I noticed that every file is 
> writeable by everyone. What's going on there?
> 
> coffee src # tar -jtvf linux-2.6.17.1.tar.bz2
> drwxrwxrwx git/git           0 2006-06-20 11:31:55 linux-2.6.17.1/

This is intentional.  You can set the permissions to anything you want
by making tar honor the umask setting -- without needing to run chmod
after extracting.

So either use the --no-same-permissions option of GNU tar, or simply
don't run tar as root (then this option is on by default), which is a
good idea anyway.

René

Re: Kernelsources writeable for everyone?!

[Al Viro]

On Sat, Jun 24, 2006 at 08:00:50PM +0200, Daniel wrote:
> Hi,
> may be this was reported/asked 999999999 times, but here ist the 1000000000th:
> 
> I have downloaded linux-2.6.17.1 10 min ago and I noticed that every file is 
> writeable by everyone. What's going on there?

You are unpacking tarballs as root and preserve ownership and permissions.
Don't.

Re: Kernelsources writeable for everyone?!

[Mark Rosenstand]

On Sat, 2006-06-24 at 19:17 +0100, Al Viro wrote:
> On Sat, Jun 24, 2006 at 08:00:50PM +0200, Daniel wrote:
> > Hi,
> > may be this was reported/asked 999999999 times, but here ist the 1000000000th:
> > 
> > I have downloaded linux-2.6.17.1 10 min ago and I noticed that every file is 
> > writeable by everyone. What's going on there?

It's an abusive way of telling people to not extract the kernel sources
as root. Surely if they don't follow the recommended workflow, their box
deserve to be rooted.

> You are unpacking tarballs as root and preserve ownership and permissions.
> Don't.

Preserving ownership and permissions is the default behaviour for GNU
tar when running as root. Other implementations require the -p option.

Re: Kernelsources writeable for everyone?!

[Matthew Frost]

Mark Rosenstand wrote:
> On Sat, 2006-06-24 at 19:17 +0100, Al Viro wrote:
>> On Sat, Jun 24, 2006 at 08:00:50PM +0200, Daniel wrote:
>>> Hi,
>>> may be this was reported/asked 999999999 times, but here ist the 1000000000th:
>>>
>>> I have downloaded linux-2.6.17.1 10 min ago and I noticed that every file is 
>>> writeable by everyone. What's going on there?
> 
> It's an abusive way of telling people to not extract the kernel sources
> as root. Surely if they don't follow the recommended workflow, their box
> deserve to be rooted.
> 

No, the inevitable flame war here is the abusive way of telling people 
not to extract the kernel sources as root.  This argument boils down to 
a fundamental disjunct: trust people to handle security of their own box 
their own way, with full knowledge of how their tools work, or assume 
that they aren't intelligent enough to use tools sanely and securely, 
and handicap so they don't have to.  The latter, much as it is not seen 
this way, is the abusive philosophy.  The former trusts the user.

Yes, there's a learning curve.  There is always a learning curve.  Never 
expect there not to be a learning curve.

The kernel archive is foremost an archive of a working directory.  The 
recommended workflow is sane, and is designed around the limitations of 
tools sensibly designed for a wide range of purposes, not foremost of 
which is kernel compilation.

Please learn to take advice.  It tends to be intended for your benefit, 
and is generally more useful when not viewed as a personal affront.

>> You are unpacking tarballs as root and preserve ownership and permissions.
>> Don't.
> 
> Preserving ownership and permissions is the default behaviour for GNU
> tar when running as root. Other implementations require the -p option.

Matt

Re: Kernelsources writeable for everyone?!

[Joshua Hudson]

I feel like asking how they initially get set to world-writable. To me
it means that the tree that is being tarred up for distribution is
world-writible. I sure hope that it is a single-user box.

Re: Kernelsources writeable for everyone?!

[Matthew Frost]

Joshua Hudson wrote:
> I feel like asking how they initially get set to world-writable. To me
> it means that the tree that is being tarred up for distribution is
> world-writible. I sure hope that it is a single-user box.
> -

Yeah.  Having said, "Take advice", I'm also curious as to just the 
why/how of the current configuration and the work patterns that create 
it.  I get the impression that there *is* a reason for it, because if it 
were just a security issue, I can't see this much resistance to changing 
it.  Sane tar permissions and sensible usage aside.

The kernel untar-and-compile procedure has been documented this way 
since at least 2000, from Linus.  There's a good recent (and short) 
discussion from Jesper Juhl on LXer that references it, as well.

http://uwsg.iu.edu/hypermail/linux/kernel/0007.3/0587.html
http://lxer.com/module/forums/t/22410/

The previous two l-k threads I can find on this topic (one listed 
earlier in this thread, one referenced from it) don't seem to be any 
more revelatory about why the tarball is as it is.  I might guess that 
it has to do with how changes get checked in, but I also have the vague 
memory that these aren't tar()ed on a development box.  I could be 
wrong.  Consider me seconding the "Why?" aspect, if anybody's still 
listening.  :)

Matt

Re: Kernelsources writeable for everyone?!

[Matthew Frost]

Matthew Frost wrote:
> Joshua Hudson wrote:
>> I feel like asking how they initially get set to world-writable. To me
>> it means that the tree that is being tarred up for distribution is
>> world-writible. I sure hope that it is a single-user box.
>> -
> 
> Yeah.  Having said, "Take advice", I'm also curious as to just the 
> why/how of the current configuration and the work patterns that create 
> it.  I get the impression that there *is* a reason for it, because if it 
> were just a security issue, I can't see this much resistance to changing 
> it.  Sane tar permissions and sensible usage aside.
> 
> The kernel untar-and-compile procedure has been documented this way 
> since at least 2000, from Linus.  There's a good recent (and short) 
> discussion from Jesper Juhl on LXer that references it, as well.
> 
> http://uwsg.iu.edu/hypermail/linux/kernel/0007.3/0587.html
> http://lxer.com/module/forums/t/22410/
> 
> The previous two l-k threads I can find on this topic (one listed 
> earlier in this thread, one referenced from it) don't seem to be any 
> more revelatory about why the tarball is as it is.  I might guess that 
> it has to do with how changes get checked in, but I also have the vague 
> memory that these aren't tar()ed on a development box.  I could be 
> wrong.  Consider me seconding the "Why?" aspect, if anybody's still 
> listening.  :)
> 
> Matt

No, I'm an idiot.  Blockquoted here (Norbert van Nobelen):
"The rights on the files should be sufficient for the compiler to go 
through the tree and compile the kernel for you. If it bothers you, you 
can just run chmod -R to correct it.
I guess that it will not be corrected."
http://marc.theaimsgroup.com/?l=linux-kernel&m=113304353113129&w=2

Re: Kernelsources writeable for everyone?!

[Junio C Hamano]

"Joshua Hudson" <joshudson@gmail.com> writes:

> I feel like asking how they initially get set to world-writable. To me
> it means that the tree that is being tarred up for distribution is
> world-writible. I sure hope that it is a single-user box.

It is _not_ coming from a working tree at all.

git-tar-tree generates the tar image from a git tree object, and
when it does so, it deliberately sets the mode bits to 0666/0777
so that umask of the people who extract the tarball is honored.
In very early days once we made a mistake of generating the tar
archive with more restrictive permission bits (I think it was
0644 or 0755) which was very impolite way to annoy people with
002 umask.

Re: Kernelsources writeable for everyone?!

[Bill Davidsen]

Junio C Hamano wrote:
> "Joshua Hudson" <joshudson@gmail.com> writes:
> 
>> I feel like asking how they initially get set to world-writable. To me
>> it means that the tree that is being tarred up for distribution is
>> world-writible. I sure hope that it is a single-user box.
> 
> It is _not_ coming from a working tree at all.
> 
> git-tar-tree generates the tar image from a git tree object, and
> when it does so, it deliberately sets the mode bits to 0666/0777
> so that umask of the people who extract the tarball is honored.
> In very early days once we made a mistake of generating the tar
> archive with more restrictive permission bits (I think it was
> 0644 or 0755) which was very impolite way to annoy people with
> 002 umask.
> 
I have my unpack/build directory set to a group ownership which prevents 
"just anyone" from writing, and have the "setgid" bit on (mode 2775) 
which interestingly propagates. So everything has the same group, and 
you can set your umask to do what you want. I want everything world 
readable, writable by group. YMMV.

-- 
Bill Davidsen <davidsen@tmr.com>
   Obscure bug of 2004: BASH BUFFER OVERFLOW - if bash is being run by a
normal user and is setuid root, with the "vi" line edit mode selected,
and the character set is "big5," an off-by-one errors occurs during
wildcard (glob) expansion.

Re: Kernelsources writeable for everyone?!

[Troy Benjegerdes]

On Sat, Jun 24, 2006 at 07:17:02PM +0100, Al Viro wrote:
> On Sat, Jun 24, 2006 at 08:00:50PM +0200, Daniel wrote:
> > Hi,
> > may be this was reported/asked 999999999 times, but here ist the 1000000000th:
> > 
> > I have downloaded linux-2.6.17.1 10 min ago and I noticed that every file is 
> > writeable by everyone. What's going on there?
> 
> You are unpacking tarballs as root and preserve ownership and permissions.
> Don't.

While it is true that users generally shouldn't be unpacking tarballs as root,
It seems rather monumentally stupid for a trusted source for a critical
system component (aka, kernel.org) to be distributing tarballs like
this.

How hard is it really to make the git tarball export script set sane
owner (root) and permissions (644/755) on files and directories?

Re: Kernelsources writeable for everyone?!

[Rene Scharfe]

Troy Benjegerdes schrieb:
> On Sat, Jun 24, 2006 at 07:17:02PM +0100, Al Viro wrote:
>> On Sat, Jun 24, 2006 at 08:00:50PM +0200, Daniel wrote:
>>> Hi, may be this was reported/asked 999999999 times, but here ist 
>>> the 1000000000th:
>>> 
>>> I have downloaded linux-2.6.17.1 10 min ago and I noticed that 
>>> every file is writeable by everyone. What's going on there?
>> You are unpacking tarballs as root and preserve ownership and 
>> permissions. Don't.
> 
> While it is true that users generally shouldn't be unpacking tarballs
>  as root, It seems rather monumentally stupid for a trusted source
> for a critical system component (aka, kernel.org) to be distributing 
> tarballs like this.

The permissions info within a tarball doesn't mean anything as long as
the file just sits there.  Only when you interpret the contents and
create files and directories they become relevant.

Tar gives you two options: A) set permissions exactly as stored in the
tar file, or B) apply the umask.  Tar archives created by git are
intended to be interpreted using option B), which is the default for GNU
tar if run as non-root.

You can interpret the tar file correctly even if you are root, you just
have to convince tar to apply the umask.

Best regards,
René

Re: Kernelsources writeable for everyone?!

[Bodo Eggert]

Matthew Frost <artusemrys@sbcglobal.net> wrote:
> Joshua Hudson wrote:

>> I feel like asking how they initially get set to world-writable. To me
>> it means that the tree that is being tarred up for distribution is
>> world-writible. I sure hope that it is a single-user box.
>> -
> 
> Yeah.  Having said, "Take advice", I'm also curious as to just the
> why/how of the current configuration and the work patterns that create
> it.  I get the impression that there *is* a reason for it, because if it
> were just a security issue, I can't see this much resistance to changing
> it.  Sane tar permissions and sensible usage aside.

The reason is the same for which an application SHOULD NOT impose stricter
permissions than 0666 without a reasonon open/create: It's supposed to
honor the umask, imposing a restriction is none of it's busines.
-- 
Ich danke GMX dafür, die Verwendung meiner Adressen mittels per SPF
verbreiteten Lügen zu sabotieren.

http://david.woodhou.se/why-not-spf.html