Message-ID: <4C8BF8DB.7030502@gmail.com>
Date: Sat, 11 Sep 2010 16:47:07 -0500
From: Dale
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: sudo in kernel config ?

Nikos Chantziaras wrote:
> On 09/11/2010 11:49 PM, Dale wrote:
>> Nikos Chantziaras wrote:
>>> On 09/11/2010 11:35 PM, Dale wrote:
>>>> Alan McKinnon wrote:
>>>>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
>>>>> Albert
>>>>> Hopkins did opine thusly:
>>>>>
>>>>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
>>>>>>> few months ago, I read linux kernel in a nutschell(sic), and the
>>>>>>> author
>>>>>>> wrote we shouldn't do kernel operations (config and build) as root.
>>>>>> I call bullsh*t. I've been compiling kernels for 17 years and for
>>>>>> the
>>>>>> most part have done it as root without any problems.
>>>>> Same here.
>>>>>
>>>>> The root user (sometimes portage) creates /usr/src/linux-*
>>>>>
>>>>> Someone tell me again exactly how user alan is supposed to build
>>>>> those
>>>>> sources?
>>>>>
>>>>
>>>> If they are accessible by a user, couldn't a user then edit or add
>>>> something that would then cause a security problem? If they can edit
>>>> them and no one knows it, then root comes along and builds a shiny new
>>>> kernel with a really nice security hole.
>>>>
>>>> Glad only root can get to the sources. ;-)
>>>
>>> No, any user can't edit them; only the user you assign the files to.
>>> If you assign them to root, only root can edit them. If you assign
>>> them to kerneluser, only kerneluser can edit them.
>>>
>>> This is Unix 101 :)
>>>
>>>
>>
>> My point was, if the sources are say in the user group, then any user
>> can edit them? Right now, they are in the root group and owned by root
>> which for security reasons is a good idea. That way a regular user can't
>> edit or modify the kernel sources.
>
> The group can only write if the files have the group write permission
> set. Still in Unix 101 domain, hehe :)
>

I know that. Why would a person want anyone BUT root to be able to
access and change the kernel sources? Let's see if asking it this way
makes more sense. lol

Dale

:-) :-)
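
The ownership and group-write rules discussed in this thread can be checked on a real tree rather than assumed. The script below is an added example, not part of the original message: it lists every path under a kernel source tree that an account other than the intended owner could modify. The function names are hypothetical, and the defaults (/usr/src/linux, owner root) are assumptions based on the layout the thread mentions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a source tree for paths that
# someone other than the intended owner could modify.
# Assumption: the tree and its intended owner are passed as arguments;
# the defaults below follow the /usr/src/linux-* layout named in the thread.

# report TAG ROOT FIND-TESTS...
# Prints "TAG path" for every match. Symlinks are skipped because their own
# mode bits do not control access to the target.
report() {
    tag=$1
    root=$2
    shift 2
    find "$root" ! -type l "$@" -print | sed "s|^|$tag |"
}

# audit_tree TREE OWNER
#   not-owner       owned by someone other than OWNER (that user can chmod it)
#   group-writable  group write bit set: members of the file's group can edit
#   world-writable  other write bit set: any local user can edit
# Directories are reported too: write access to a directory allows the files
# inside it to be replaced even when the files themselves are read-only.
audit_tree() {
    tree=${1:-/usr/src/linux}
    owner=${2:-root}
    report not-owner      "$tree" ! -user "$owner"
    report group-writable "$tree" -perm -020
    report world-writable "$tree" -perm -002
}

# count_findings TREE OWNER
# Number of findings, convenient for a cron job or a pre-build check.
count_findings() {
    audit_tree "$1" "$2" | wc -l | tr -d ' '
}

# Typical use before building as root:
#   audit_tree /usr/src/linux root
```

An empty report means only the named owner can change what gets compiled; a group-writable finding is harmless only if every member of that group is trusted to edit the sources.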