-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hadmut Danisch wrote:
> Hi,
>
> there's a severe vulnerability in the Linux kernel
> source code archives:
It is my understanding that the permissions are
intentionally set that way.
This has been discussed several times over the
past year.
http:
_
From: Hadmut Danisch [mailto:[EMAIL PROTECTED]
Sent: Thu 07/09/2006 20.23
To: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: Linux kernel source archive vulnerable
Hi,
there's a severe vulnerability in the Linux kernel source code archives:
On Fri, 8 Sep 2006, Raj Mathur wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Hadmut" == Hadmut Danisch <[EMAIL PROTECTED]> writes:
Hadmut> [snip]
Hadmut> When unpacking such an archive, tar also sets the uid,
Hadmut> gid, and file permissions given in the tar
Hadmut> arc
On Fri, Sep 08, 2006 at 12:52:22AM +0530, Raj Mathur wrote:
>
> I wouldn't know if something has changed drastically between 2.6.16
> and 2.6.17.11, but:
>
> [EMAIL PROTECTED]:~$ find /usr/src/linux-2.6.16/ -perm -666 ! -type l
> [EMAIL PROTECTED]:~$
>
> Not a single world-writable file or direc
Hi,
there's a severe vulnerability in the Linux kernel source code archives:
The Linux kernel is distributed as tar archives in the form of
linux-2.6.17.11.tar.bz2 from kernel.org. It is usually unpacked,
configured and compiled under /usr/src. Since installing a new kernel
requires root privile
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> "Hadmut" == Hadmut Danisch <[EMAIL PROTECTED]> writes:
Hadmut> [snip]
Hadmut> When unpacking such an archive, tar also sets the uid,
Hadmut> gid, and file permissions given in the tar
Hadmut> archive. Unfortunately, plenty of fi