RFC: Remove write permissions from executables
Benny Amorsen
benny+usenet at amorsen.dk
Wed Jan 27 15:10:39 UTC 2010
Richard Zidlicky <rz at linux-m68k.org> writes:
> Mounting the fs read only is much easier and safer - and has long tradition.
This is not feasible as a distribution policy. You can't guarantee that
/usr/bin is on its own partition so you can mount it read only. The only
way to achieve it would be creative use of mount --bind, something which
certainly goes against tradition.
Also, the advantage of the proposed change was that it would not affect
e.g. yum upgrade. Creative use of mount --bind could perhaps achieve the
same result, but not in a way which I consider sane.
All in all I think it's a shame that the original proposal didn't work
out at this time. Having binaries owned by bin:bin does have Unix (but
not Linux AFAIK) tradition behind it.
/Benny
More information about the devel
mailing list