Opened 22 years ago
Closed 21 years ago
#433 closed defect (fixed)
Kernel headers installation requires ownership change to root
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | highest | Milestone: | |
| Component: | Book | Version: | CVS |
| Severity: | normal | Keywords: | |
| Cc: |
Description
On Sun, Oct 13, 2002 at 02:15:48PM -0400, Zack Winkles wrote:
When we unpack the kernel at the beginning of chapter 6 we neglect to change their ownership to root. In their current condition if a user just happened to get assigned the same UID as the kernel, then they would have free reign to modify the sources to their heart's content. Do we really want a user modifying our kernel sources without the permission of the administator? I think not...
Argh, dang it. This was also an issue before we were using the lfs user in chapter 5 (pre-3.2) and we use to run chown. It seems that after the kernel was moved to chapter 6, nobody bothered to check if those old instructions were still needed. (thou that's understandable considering they had been removed as redundant because of the lfs user)
Change History (3)
comment:1 by , 22 years ago
comment:2 by , 21 years ago
| Status: | new → assigned |
|---|
I'm adding a note. This way people will realize it's not just the kernel behaving like this, but many other packages as well.
comment:3 by , 21 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Why not 'chown' the whole kernel source tree to 0:0? As it is, the untar'ed files on every package are owned by a non-root user. Thus, if a user on the system had the same UID as the file owner, they could damage the source files which root compiles. This is especially harmful for the kernel, because the kernel source tree is often kept long after compilation. So, we can either: a) chown -R 0:0 each time b) Put a note in the book about this problem (I recommend this) c) Ignore this problem and hope nothing bad happens as a result