On Wed, 12 Aug 1998, LENGARD Pascal OCISI wrote:
> No, there should be no danger in giving rx permissions on directories under
> /usr/src and r permission on files there too.
> Any user should be able to compile a program if he needs to.
>
Very true, in fact I don't think I've ever seen /usr/src not world
readable.
> But if for security reasons you don't want people compiling things on
> your machine then you should not install ANY development tool (and
> therefore compile your kernels on another computer). Many hacks (stack
At least no world executable devel. tools. If a hacker can execute a C
compiler that is executable only to root, then you have bigger problems to
worry about...
> overflow) imply compiling programs and if this is not possible on the
> attacked system, the hacker has to compile on another system and
> transfer the binary, which may be a potential problem for him.
>
... or transfer a copy of the gcc binary (although this is often just as
difficult).
> -----Original Message-----
> From: James Clifford [SMTP:[EMAIL PROTECTED]]
> Date: Wednesday, 12 August 1998 13:39
> To: [EMAIL PROTECTED]
> Subject: /usr/src permissions
>
> Is there any reason why /usr/src wouldn't have the executable permission
> set for other users? Trying to compile a program with my personal
> account failed when I included stdlib.h because I didn't have permission
> to access some other header files that were buried in /usr/src. Root had
Includes are usually in /usr/include rather than /usr/src
> no problems, so I compiled the program with root then changed permissions
> on /usr/src so that I could compile with my personal account. Is this a
> bad thing to do?
>
Yes. There are security issues when compiling some things as root
(although there aren't many of them). It is safer not to if you can avoid
it.
--
Mike <[EMAIL PROTECTED]>
If we see the light at the end of the tunnel, it's the light of an
oncoming train.
-- Robert Lowell
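
An added example, not part of the original thread: a small POSIX shell function for diagnosing the kind of failure described in the question without compiling as root. It resolves a header path through any symlinks and reports the first component whose mode bits deny access to "other" users. It assumes GNU `readlink -f` and `stat -c`; the function name and the path in the usage comment are hypothetical.

```shell
# Added example (not from the thread). Judges access from mode bits only:
# directories need o+x to be traversed, the final file needs o+r.
# Usage (hypothetical path): first_blocked /usr/include/linux/types.h
# Exit status: 0 = world-accessible, 1 = blocked (component printed), 2 = error.
first_blocked() (
    set -f                                    # no globbing on the unquoted split below
    target=$(readlink -f -- "$1") || exit 2   # follow symlinks, e.g. into /usr/src
    [ -e "$target" ] || exit 2
    cur=""
    IFS=/
    for part in ${target#/}; do
        cur="$cur/$part"
        mode=$(stat -c '%a' -- "$cur") || exit 2
        other=${mode#"${mode%?}"}             # last octal digit = bits for "other"
        if [ -d "$cur" ]; then
            need=1                            # x: traverse a directory
            if [ "$cur" = "$target" ]; then
                need=5                        # r+x: list and enter the final directory
            fi
        else
            need=4                            # r: read the file
        fi
        if [ $(( other & need )) -ne "$need" ]; then
            printf '%s (mode %s)\n' "$cur" "$mode"
            exit 1
        fi
    done
    exit 0
)
```

Fixing only the reported component (for example `chmod o+rx` on that one directory) is narrower than opening the whole tree, and it lets the build run from an unprivileged account.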