On Sunday, October 21, 2012 10:45:24 PM UTC+1, Jeroen Demeyer wrote: > One problem is that extracting tarballs is inherently dangerous. The > user who happens to have UID 1237 is able to root the system because of > this. I'm not sure what to do here... >
It might be a good idea to untar --no-same-owner, I think all versions of gnu and bsd tar support that. Its not an automatic security issue, though. Depending on the system it might be perfectly safe (even if lazy of the admin) to compile stuff as root. -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To post to this group, send email to sage-devel@googlegroups.com. To unsubscribe from this group, send email to sage-devel+unsubscr...@googlegroups.com. Visit this group at http://groups.google.com/group/sage-devel?hl=en.
