UsrMove feature (was Re: FESCo meeting minutes for 2011-10-24)
Ralf Corsepius
rc040203 at freenet.de
Wed Oct 26 13:58:34 UTC 2011
On 10/26/2011 03:40 PM, Harald Hoyer wrote:
> On 10/24/2011 08:05 PM, Chris Adams wrote:
>>> ===================================
>>> #fedora-meeting: FESCO (2011-10-24)
>>> ===================================
>>> * Discussion about https://fedoraproject.org/wiki/Features/UsrMove
>>> (t8m, 17:26:45)
>>
>
>
> Sometimes you have to clean up your room and tidy up the mess, which
> piled up over time. This cleanup can be done on one day and checked in
> by one person. It's not rocket science! It does not break anything,
> because the compat symlinks will _not_ go away.
>
> About "sbin": How exactly does "hiding" stuff prevent users, who open a
> _shell_, to use those tools? They cannot do any bad stuff with it anyway.
Think about the tradional difference "su" between "su -" and think about
bugs in these tools.
A user who doesn't have "sbin" in $PATH isn't exposed to the risks these
tools might bear.
It's not a means to protect users against malicious intruders,
comparable to "flaps on switches in real life", it's a mild means to
protect users against accidents they themselves might expose themselves.
> With the compat symlinks, you even have no path problems anymore with
> any alien scripts you run. All tools are reachable through any standard
> path.
== molesting all users.
== exposing all users.
== equivalent to the adding "sbin" to $PATH mistake ... just different,
no improvment.
More information about the devel
mailing list