From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] sudo in kernel config ?
Date: Sat, 11 Sep 2010 22:49:03 +0200
Cc: Etaoin Shrdlu

Apparently, though unproven, at 22:28 on Saturday 11 September 2010, Etaoin Shrdlu did opine thusly:

> On Sat, 11 Sep 2010 15:35:58 -0500 Dale wrote:
> > If they are accessible by a user, couldn't a user then edit or add
> > something that would then cause a security problem? If they can edit
> > them and no one knows it, then root comes along and builds a shiny new
> > kernel with a really nice security hole.
>
> This was actually a potential risk once upon a time:
>
> http://attrition.org/security/advisory/gobbles/GOBBLES-16.txt

More like an actual risk all the time. Which is why:

# ls -al /usr/src/
total 2
drwxr-xr-x  3 root root  136 2010-09-01 11:41 .
drwxr-xr-x 17 root root  480 2010-08-23 01:44 ..
-rw-r--r--  1 root root    0 2008-06-17 19:37 .keep
lrwxrwxrwx  1 root root   18 2010-09-01 11:30 linux -> linux-2.6.35-ck-r2
drwxr-xr-x 24 root root 1584 2010-09-01 02:12 linux-2.6.35-ck-r2

-- 
alan dot mckinnon at gmail dot com
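
The listing above shows only the top level of /usr/src. As an added example (not part of the original message), the shell function below checks the same property over the whole tree: every entry is owned by the expected user and is not writable by group or others. The name audit_tree and its optional owner argument are assumptions made for this example.

```shell
#!/bin/sh
# audit_tree DIR [OWNER]   (hypothetical helper, added for illustration)
#
# Print every entry under DIR that is not owned by OWNER (default: root)
# or that is writable by group or others.
#
# Symlinks themselves are skipped: their mode bits always read lrwxrwxrwx,
# as on the "linux" link in the listing above. What they point to is still
# checked when the target lives inside DIR. -H makes find follow DIR itself
# if it is a symlink (for example /usr/src/linux).
#
# Return status: 0 tree is clean, 1 findings were printed, 2 usage error.
audit_tree() {
    dir=$1
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "audit_tree: not a directory: $dir" >&2
        return 2
    fi

    # -perm -020 matches group-writable, -perm -002 matches world-writable.
    findings=$(find -H "$dir" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Typical call before building a kernel as root:
#   audit_tree /usr/src || echo "source tree is not root-only, do not build"
```

Run it on /usr/src rather than on /usr/src/linux alone, so that the directory holding the symlink is covered as well.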