From: Dale
Date: Sat, 11 Sep 2010 15:49:00 -0500
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: sudo in kernel config ?
Message-ID: <4C8BEB3C.6030202@gmail.com>

Nikos Chantziaras wrote:
> On 09/11/2010 11:35 PM, Dale wrote:
>> Alan McKinnon wrote:
>>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
>>> Albert Hopkins did opine thusly:
>>>
>>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
>>>>> few months ago, I read linux kernel in a nutschell(sic), and the
>>>>> author wrote we shouldn't do kernel operations (config and build)
>>>>> as root.
>>>> I call bullsh*t. I've been compiling kernels for 17 years and for the
>>>> most part have done it as root without any problems.
>>> Same here.
>>>
>>> The root user (sometimes portage) creates /usr/src/linux-*
>>>
>>> Someone tell me again exactly how user alan is supposed to build those
>>> sources?
>>>
>>
>> If they are accessible by a user, couldn't a user then edit or add
>> something that would then cause a security problem? If they can edit
>> them and no one knows it, then root comes along and builds a shiny new
>> kernel with a really nice security hole.
>>
>> Glad only root can get to the sources. ;-)
>
> No, any user can't edit them; only the user you assign the files to.
> If you assign them to root, only root can edit them. If you assign
> them to kerneluser, only kerneluser can edit them.
>
> This is Unix 101 :)
>
>

My point was, if the sources are say in the user group, then any user
can edit them? Right now, they are in the root group and owned by root
which for security reasons is a good idea. That way a regular user
can't edit or modify the kernel sources.

Dale

:-) :-)
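
The ownership and group-write condition discussed in this exchange can be checked on a real tree. The following is an added example, not part of the original message: a POSIX shell function that lists anything under a source tree that is not owned by the expected user or that is writable by group or others. The name `audit_src_tree`, its arguments and the script name in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit a kernel source tree for files
# that someone other than the intended owner could modify before a build.

# audit_src_tree DIR [OWNER]
# Prints every file or directory under DIR that is either not owned by
# OWNER (default: root) or is writable by its group or by others.
# -H follows DIR itself when it is a symlink (as /usr/src/linux usually is);
# symlinks inside the tree are skipped because their own mode bits are not
# used for access checks.
audit_src_tree() {
    dir=$1
    owner=${2:-root}
    find -H "$dir" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
}

# Audit the trees named on the command line, for example:
#   sh audit-src.sh /usr/src/linux-*
# (audit-src.sh is a placeholder script name). With no arguments the
# script only defines the function.
for tree in "$@"; do
    audit_src_tree "$tree" root
done
```

Empty output means every entry is owned by the expected user and writable only by that user; any path printed is one to fix with `chown` or `chmod g-w,o-w` before building.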