|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Linux kernel source archive vulnerable
From: Christine Kronberg (seeker
shalla.de)
Date: Fri Sep 08 2006 - 01:09:51 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, 8 Sep 2006, Raj Mathur wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>>>>>> "Hadmut" == Hadmut Danisch <hadmutdanisch.de> writes:
>
> Hadmut> [snip]
>
> Hadmut> When unpacking such an archive, tar also sets the uid,
> Hadmut> gid, and file permissions given in the tar
> Hadmut> archive. Unfortunately, plenty of files and directories in
> Hadmut> that archive are world writable. E.g. in the 2.6.17.11
> Hadmut> archive, there are 1201 world writable directories and
> Hadmut> 19554 world writable files.
>
> I wouldn't know if something has changed drastically between 2.6.16
> and 2.6.17.11, but:
>
> rajumail:~$ find /usr/src/linux-2.6.16/ -perm -666 ! -type l
> rajumail:~$
>
> Not a single world-writable file or directory. Perhaps pre-release
> kernel tarballs are more lax?
Seems to. I just checked linux-2.6.13 and linux-2.6.17.6. While the
first has no world writeable files or directories at all the latter
has tons of it. Interesting.
Cheers,
Chris Kronberg.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]