Is it time to allow Chromium in Fedora?
Reindl Harald
h.reindl at thelounge.net
Tue Aug 11 21:07:33 UTC 2015
On 11.08.2015 at 23:03, Mustafa Muhammad wrote:
>
> On Aug 12, 2015 12:00 AM, "Mustafa Muhammad" <mustafa1024m at gmail.com> wrote:
> >
> >
> > On Aug 11, 2015 11:29 PM, "Reindl Harald" <h.reindl at thelounge.net> wrote:
> > >
> > >
> > >
> > > On 11.08.2015 at 22:18, Mustafa Muhammad wrote:
> > >>
> > >> > If I knew Mozilla's Linux binaries provided its own update mechanism
> > >> > and notification, yes I would do exactly that.
> > >>
> > >> I am pretty sure they get updated just like Windows and OS X binaries,
> > >> but the tar ball should be extracted in a user writable location
> > >
> > >
> > > nonsense
> > >
> > > *if* you use binary tarballs they *should not* be extracted in a
> > > user writeable location as *no binary* whenever possible should have
> > > permissions allowing an ordinary user to change them
> > >
> > > they should be extracted to /usr/local/ with root-only
> > > write-permissions and you have to just start the application as root for
> > > updates - not only on Linux, on *any* operating system
> > >
> > > and since most users are not able to cope with these security
> > > principles package managers exist
> > > _________________________________________
> > >
> > > http://www.tldp.org/HOWTO/Security-HOWTO/file-security.html
> > >
> > > World-writable files, particularly system files, can be a security
> > > hole if a cracker gains access to your system and modifies them.
> > > Additionally, world-writable directories are dangerous, since they allow
> > > a cracker to add or delete files as he wishes
> >
> > My home is not world writable.
> > The way you pointed is the better way, of course, but I think even my
> > simple way is better than waiting for package updates from the repos
> > when an exploit is in the wild.
>
> By the way, running an application as root, even for just updating it is
> dangerous

besides your home *is world writable* when a remote exploit happens to
any application you are running
do some simple calculation what is more likely to be exploited:

* your application running with your user all day long
  handling random input data from all over the web
* your application started once as root only for the
  purpose of installing updates

if you don't realize the difference there is no help...
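
The disagreement in this thread comes down to which accounts can modify an application's files. As an added example (not part of the original message), this Python script lists every path in an install tree that a given uid could alter, judged from POSIX mode bits only (ACLs and mount options are ignored); the function names, the sample tree and the `other` uid are constructed for illustration.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """POSIX class check from mode bits: owner, else group, else other."""
    if uid == 0:
        return True  # root bypasses permission bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def modifiable_paths(root, uid, gids):
    """Return paths under root (root included) that uid could alter.

    A writable directory counts: its entries can be replaced or renamed
    even when the files themselves are read-only.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if can_write(st, uid, gids):
                hits.append(path)
    return sorted(hits)

def demo():
    """Constructed install tree, checked for its owner and for another uid."""
    me = os.getuid()
    other = me + 1  # hypothetical account that does not own the tree
    with tempfile.TemporaryDirectory() as tmp:
        app = os.path.join(tmp, "app")
        os.mkdir(app)
        binary = os.path.join(app, "browser")
        with open(binary, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(binary, 0o755)
        os.chmod(app, 0o755)
        as_owner = modifiable_paths(app, me, set())
        as_other = modifiable_paths(app, other, set())
        return app, binary, as_owner, as_other

if __name__ == "__main__":
    print(demo())
```

A tree extracted under a home directory reports every path for the owning user, while the same tree owned by root with mode 755 reports nothing for that user.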