On 10/30/2013 10:11 AM, Matthew Miller wrote:
> There is some concern on the devel mailing list about user-writable
> directories in the default $PATH -- initially discussion about
> ~/.local/bin as a hidden file, but now also out to ~/bin as well. I notice
> that these are home_bin_t. What does this do with the current policy, and
> what more could we do? (Particularly, a compromised application shouldn't
> be able to put binaries there, but a shell script or something like `pip
> install` probably _should_ be able to.)
I responded on the other email on what these labels do.
Confining user space is difficult, since most people do not want stuff to
break, and blocking apps from writing to general places in the homedir is difficult.
I think the future with confined applications, where the application runs
within a container and does not get direct access to the user's homedir, is the
only way to handle this.
Imagine firefox running with its own home dir, but when the user wants to upload a
file or download a file, firefox asks the desktop to launch the file dialog,
which runs in a separate process controlled by the user. The user then
specifies the file location, and the file dialog process opens or creates an fd and
passes that fd into the firefox container. Now the firefox app can write the FD,
but it would not be able to get to ~/bin or ~/.local/bin within the user's home.
Until we get to this type of architecture it is very difficult to confine
large apps like Libreoffice, Firefox, Thunderbird, Evolution ...
Personally I think if you are going to put ~/bin or ~/.local/bin into the
user's path they should be at the end of the path rather than the front. Then
the user has less chance of executing the wrong executable, like the mkdir
example, but he can still execute applications in his homedir.
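One way to audit the ordering point raised in the reply above, as an added example that is not part of this thread: a POSIX sh helper that lists which entries of a PATH value the current user can write to, reports the position of the first one, and rewrites the value so writable directories come after the system ones. The function names (`writable_path_entries`, `first_writable_index`, `demote_writable_entries`) are this example's own.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# Print "<position> <dir>" for every PATH entry that exists and is
# writable by the current user. An empty entry means the current
# directory, so it is checked as "." (the classic PATH pitfall).
writable_path_entries() {
    _rest="$1:"
    _i=0
    while [ -n "$_rest" ]; do
        _entry="${_rest%%:*}"
        _rest="${_rest#*:}"
        _i=$((_i + 1))
        if [ -z "$_entry" ]; then _entry="."; fi
        if [ -d "$_entry" ] && [ -w "$_entry" ]; then
            printf '%s %s\n' "$_i" "$_entry"
        fi
    done
}

# Position (1-based) of the first writable entry, or 0 if there is none.
# A low number means a user-writable directory shadows the system ones.
first_writable_index() {
    _first=$(writable_path_entries "$1" | head -n 1 | cut -d' ' -f1)
    printf '%s\n' "${_first:-0}"
}

# Rewrite a PATH value so that writable entries are moved to the end,
# preserving the relative order within each group. This is the
# "put ~/bin and ~/.local/bin last" arrangement from the reply.
demote_writable_entries() {
    _rest="$1:"
    _sys=""
    _user=""
    while [ -n "$_rest" ]; do
        _entry="${_rest%%:*}"
        _rest="${_rest#*:}"
        if [ -z "$_entry" ]; then _entry="."; fi
        if [ -d "$_entry" ] && [ -w "$_entry" ]; then
            _user="${_user:+$_user:}$_entry"
        else
            _sys="${_sys:+$_sys:}$_entry"
        fi
    done
    if [ -z "$_user" ]; then printf '%s\n' "$_sys"
    elif [ -z "$_sys" ]; then printf '%s\n' "$_user"
    else printf '%s\n' "$_sys:$_user"; fi
}

# When run directly, report on the invoking shell's own PATH.
writable_path_entries "$PATH"
```

Run it as `sh check-path.sh` to see the writable entries of your current PATH; pipe `demote_writable_entries "$PATH"` into a profile snippet to apply the reordering.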