Directory structures in the future and other things I want.
Jeff Spaleta
jspaleta at gmail.com
Thu Mar 27 23:06:46 UTC 2008
2008/3/27 Jesse Keating <jkeating at redhat.com>:
> This question applies today regardless of default path statements.
> Absolutely nothing on a default Fedora system prevents me as a non-root
> user from calling any setuid binary from (/usr)/sbin. Nothing. If
> we're concerned about the security of these things, we would have to
> audit them regardless of any path changes. Period.
>
I'm not disagreeing. What I am suggesting that perhaps historic choices have
been made under the false assumption that path separation would provide
protection. And now that we are considering things be put into the default
path for all user, its a really good time to check to see if that false
assumption still lingers. Not as a blocker on action but as an opportunity
to focus our attention on the sbin executables.
-jef
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/devel/attachments/20080327/92f02fc2/attachment-0002.html
More information about the devel
mailing list