On 07/04/2012 08:56 PM, William Hubbs wrote:
> On Wed, Jul 04, 2012 at 02:20:36PM -0400, Rick "Zero_Chaos" Farina wrote:
>> On 07/04/2012 01:58 PM, Michał Górny wrote:
>> We could allow writes in the directories but not to the kernel
>> source files themselves... that seems moderately sane even as the
>> source files don't need to be written to be compiled, only the
>> dirs need write permissions...
>
> Actually the directories do not need write permissions either. Take
> a look at the O= option documented in /usr/src/linux/README.
>
> William
>

Um, well, users can then write to the compiled files (.o in the tree).
You can also set `chmod -R g+w /` and give everyone full access.

I think running kernels from non-root checkouts is a pretty big security
hole.

Michael

-- 
Gentoo Dev
http://xmw.de/