RFC: Remove write permissions from executables
Serge E. Hallyn
serue at us.ibm.com
Wed Jan 27 17:11:41 UTC 2010
Quoting Benny Amorsen (benny+usenet at amorsen.dk):
> Richard Zidlicky <rz at linux-m68k.org> writes:
>
> > Mounting the fs read only is much easier and safer - and has long tradition.
>
> This is not feasible as a distribution policy. You can't guarantee that
> /usr/bin is on its own partition so you can mount it read only. The only
> way to achieve it would be creative use of mount --bind, something which
> certainly goes against tradition.
>
> Also, the advantage of the proposed change was that it would not affect
> e.g. yum upgrade. Creative use of mount --bind could perhaps achieve the
> same result, but not in a way which I consider sane.
>
> All in all I think it's a shame that the original proposal didn't work
> out at this time. Having binaries owned by bin:bin does have Unix (but
> not Linux AFAIK) tradition behind it.
And remounting ro doesn't let a task with CAP_DAC_OVERRIDE write.
-serge
More information about the devel
mailing list