public inbox for gentoo-user@lists.gentoo.org
From: Dale <rdalek1967@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: sudo in kernel config ?
Date: Sat, 11 Sep 2010 15:49:00 -0500
Message-ID: <4C8BEB3C.6030202@gmail.com>
In-Reply-To: <i6gpim$8m3$1@dough.gmane.org>

Nikos Chantziaras wrote:
> On 09/11/2010 11:35 PM, Dale wrote:
>> Alan McKinnon wrote:
>>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
>>> Albert Hopkins did opine thusly:
>>>
>>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
>>>>> few months ago, I read linux kernel in a nutschell(sic), and the
>>>>> author wrote we shouldn't do kernel operations (config and build)
>>>>> as root.
>>>> I call bullsh*t. I've been compiling kernels for 17 years and for the
>>>> most part have done it as root without any problems.
>>> Same here.
>>>
>>> The root user (sometimes portage) creates /usr/src/linux-*
>>>
>>> Someone tell me again exactly how user alan is supposed to build those
>>> sources?
>>>
>>
>> If they are accessible by a user, couldn't a user then edit or add
>> something that would then cause a security problem? If they can edit
>> them and no one knows it, then root comes along and builds a shiny new
>> kernel with a really nice security hole.
>>
>> Glad only root can get to the sources. ;-)
>
> No, any user can't edit them; only the user you assign the files to. 
> If you assign them to root, only root can edit them. If you assign 
> them to kerneluser, only kerneluser can edit them.
>
> This is Unix 101 :)
>
>

My point was, if the sources are say in the user group, then any user 
can edit them?  Right now, they are in the root group and owned by root 
which for security reasons is a good idea.  That way a regular user 
can't edit or modify the kernel sources.

Dale

:-)  :-)
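
The ownership question raised in this message can be checked before a build. The following is an added example, not part of the original thread: a shell function that lists every entry in a source tree that someone other than a trusted owner and group could modify. The function names and the root:root defaults are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a source tree before building it.
# Usage: tree_is_clean DIR [OWNER] [GROUP]     e.g. tree_is_clean /usr/src/linux
# OWNER and GROUP may be names or numeric ids; both default to 0 (root).

# Print every entry that an untrusted account could modify:
#   - not owned by the trusted owner
#   - writable by "other"
#   - writable by its group while that group is not the trusted group
audit_tree() {
    dir=$1
    owner=${2:-0}
    group=${3:-0}
    # Symlinks always report mode 777, so they are skipped; a link target
    # inside the tree is still checked as a regular entry.
    find "$dir" ! -type l \( \
            ! -user "$owner" \
            -o -perm -0002 \
            -o \( -perm -0020 ! -group "$group" \) \
        \) -print
}

# Return 0 when nothing is flagged; otherwise print the findings and return 1,
# so a build script can refuse to continue.
tree_is_clean() {
    findings=$(audit_tree "$@")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Directories are checked as well as files, because write access to a directory allows replacing the files inside it.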


