Re: Rawhide kernel image no longer readable

2010-11-23 Thread Jon Masters
On Sat, 2010-11-20 at 22:45 -0500, Kyle McMartin wrote: > On Sun, Nov 21, 2010 at 04:41:47AM +0100, Kevin Kofler wrote: > > Richard W.M. Jones wrote: > > > The thing is, we really need to be able to boot a kernel in qemu as > > > non-root, and carrying around a separately compiled or packaged kerne

Re: Rawhide kernel image no longer readable

2010-11-20 Thread Tom Lane
Kyle McMartin writes: > On Sun, Nov 21, 2010 at 04:41:47AM +0100, Kevin Kofler wrote: >> Uhm, indeed, making publicly available files non-readable is really useless. > If it stops even one automated attack, then it's worth while. That's completely ridiculous. Shutting down Fedora altogether wou

Re: Rawhide kernel image no longer readable

2010-11-20 Thread Kyle McMartin
On Sun, Nov 21, 2010 at 04:41:47AM +0100, Kevin Kofler wrote: > Richard W.M. Jones wrote: > > The thing is, we really need to be able to boot a kernel in qemu as > > non-root, and carrying around a separately compiled or packaged kernel > > is in nobody's interest. > > > > I'm fairly sure this won

Re: Rawhide kernel image no longer readable

2010-11-20 Thread Kevin Kofler
Richard W.M. Jones wrote: > The thing is, we really need to be able to boot a kernel in qemu as > non-root, and carrying around a separately compiled or packaged kernel > is in nobody's interest. > > I'm fairly sure this won't be the only application to break. We found > it first because we are c

Re: Rawhide kernel image no longer readable

2010-11-20 Thread Richard W.M. Jones
On Sat, Nov 20, 2010 at 04:15:51PM -0500, Kyle McMartin wrote: > On Fri, Nov 19, 2010 at 11:14:39PM +, Richard W.M. Jones wrote: > > Kyle, > > > > From latest Rawhide kernel.rpm: > > > > * Wed Nov 17 2010 Kyle McMartin > > - Make vmlinuz/System.map root read-write only by default. You can >

Re: Rawhide kernel image no longer readable

2010-11-20 Thread Kyle McMartin
On Fri, Nov 19, 2010 at 11:14:39PM +, Richard W.M. Jones wrote: > Kyle, > > From latest Rawhide kernel.rpm: > > * Wed Nov 17 2010 Kyle McMartin > - Make vmlinuz/System.map root read-write only by default. You can > just chmod 644 them later if you (unlikely) need them without root. > > Th

Rawhide kernel image no longer readable

2010-11-19 Thread Richard W.M. Jones
Kyle, >From latest Rawhide kernel.rpm: * Wed Nov 17 2010 Kyle McMartin - Make vmlinuz/System.map root read-write only by default. You can just chmod 644 them later if you (unlikely) need them without root. This completely breaks libguestfs. We need to be able to read the kernel image in orde