SELinux - a call for end-of-life.
Ed Greshko
Ed.Greshko at greshko.com
Thu Sep 2 13:58:51 UTC 2010
On 09/02/2010 08:41 PM, Tim wrote:
> Ed Greshko:
>>>> Are you saying that you think it is a good idea to be allowed to chown
>>>> of a file under your UID to another's UID as a normal user?
> Tim:
>>> You've never downloaded a file as one user, that another user wanted, or
>>> another of your own logins needed, and then had to move it from one to
>>> the other?
> Ed Greshko:
>> That wasn't my question....
> Well it was the situation I was originally talking about. Are you
> saying that nobody should be allowed to do that?
>
I am saying that it would be fraught with danger. You'd need to control
who and under what circumstances a given user would be allowed to disown
a file and transfer ownership to another. I can see it being abused
(intentionally or unintentionally...due to mis-configuration or whatnot)
where an executable is "given" to a "target" and bad things could
result. I just see that too much thought would be needed to put this
into practice.
In real life, I don't think it is as easy or straightforward as imagined.
--
Q: Why should you always serve a Southern Carolina football man soup in
a plate? A: 'Cause if you give him a bowl, he'll throw it away.
葛斯克 愛德華 / 台北市八德路四段