More PATH fallout. Who decided this was a good idea?
Callum Lerwick
seg at haxxed.com
Sat Dec 6 19:05:19 UTC 2008
On Sat, 2008-12-06 at 13:05 -0500, Steve Grubb wrote:
> But even if we did use the filesystem capabilities, now you have a program with
> elevated privileges and much more work has to be done to prove that its safe,
> document its internal logic, and test its protection. Any program with file
> system capabilities becomes a target for attack.
>
> And all this work just for --help ? Seriously.
Which is why we don't do all this work, because it is indeed stupid and
pointless, and we just chmod 755 /usr/sbin/user* and be done with it.
Relying purely on userspace to enforce security is fundamentally broken.
Face it, Fedora is never going to be certified. Why then would people
pay for RHEL. ;D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20081206/3c523341/attachment.bin
More information about the devel
mailing list