On Thu, 2008-03-27 at 14:43 -0800, Jeff Spaleta wrote:
The question is, do we have programs down the sbins that make the wrong
assumption about path segregation equalling protection? And if so, how
many? The obvious ones to me that need scrutiny are the executables that
are setuid root. Do we need to take some extra care about those setuid'd
executables?
This question applies today regardless of default path statements.
Absolutely nothing on a default Fedora system prevents me as a non-root
user from calling any setuid binary from (/usr)/sbin. Nothing. If
we're concerned about the security of these things, we would have to
audit them regardless of any path changes. Period.
--
Jesse Keating
Fedora -- All my bits are free, are yours?