Is it time to allow Chromium in Fedora?

Ian Malone ibmalone at gmail.com
Wed Aug 12 14:44:10 UTC 2015


On 12 August 2015 at 09:33, Reindl Harald <h.reindl at thelounge.net> wrote:
>
> On 12.08.2015 at 02:42, Thomas Daede wrote:
>>>>
>>>> *if* you use binary tarballs they *should not* be extracted in a user
>>>> writeable location as *no binary* whenever possible should have
>>>> permissions allowing an ordinary user to change them
>>>
>>>
>>> This is simply not how end users install original Mozilla
>>> Firefox binaries.
>>
>>
>> In addition, if you have write access to ~/, you can also change .bashrc
>> to add paths to executable files and do all sorts of other nasty things
>
>
> that's why chattr exists
>
> chattr +i ~/.bashrc
> chattr +i ~/.bash_profile
>
> [root@rh:~]$ touch /home/harry/.bashrc
> touch: cannot touch '/home/harry/.bashrc': Permission denied
>

However a compromised application that can write files can probably
make executable and fork too. So while immutable provides limited
protection, if the real attack surface is the web browser and the
worry is privilege escalation then overwriting .bashrc is a side show.
Having to run the browser as root to update it (which would remove
most of the advantage of automated updates by the Mozilla binary)
replaces exposing user privileges with exposing root privileges. If
you really wanted to be paranoid about this you'd make a separate user
account with write permission for that binary to be used for updates.
(Which is one of the reasons package managers are a good idea.)

-- 
imalone
http://ibmalone.blogspot.co.uk
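
Added example, not part of the thread: a small audit for the condition discussed above, listing executables under a directory (for instance an extracted binary tarball) that a given account could modify in place or swap out through a writable parent directory, and skipping anything carrying the immutable flag that chattr +i sets. The function names are hypothetical; it assumes 64-bit Linux for the ioctl number, looks only at classic mode bits (no ACLs, no sticky bit), and does not model uid 0.

```python
import fcntl, os, stat, struct, sys

FS_IOC_GETFLAGS = 0x80086601  # _IOR('f', 1, long); 64-bit Linux value (assumption)
FS_IMMUTABLE_FL = 0x00000010  # the inode flag that `chattr +i` sets

def is_immutable(path):
    """True if the inode is immutable; False if not, or if the fs cannot say."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        return False
    try:
        buf = fcntl.ioctl(fd, FS_IOC_GETFLAGS, b"\0" * 8)
        return bool(struct.unpack("i", buf[:4])[0] & FS_IMMUTABLE_FL)
    except OSError:
        return False
    finally:
        os.close(fd)

def mode_allows_write(st, uid, gids):
    """Owner/group/other write check from mode bits only."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(root, uid, gids):
    """Return {path: reason} for executables that `uid` could tamper with."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        dir_st = os.stat(dirpath)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                continue  # only regular files with an execute bit
            if is_immutable(path):
                continue  # cannot be written, renamed or unlinked
            if mode_allows_write(st, uid, gids):
                findings[path] = "writable in place"
            elif mode_allows_write(dir_st, uid, gids) and not is_immutable(dirpath):
                findings[path] = "replaceable via writable directory"
    return findings

if __name__ == "__main__":
    me, groups = os.getuid(), set(os.getgroups())
    for p, why in sorted(audit(sys.argv[1], me, groups).items()):
        print(f"{why}: {p}")
```

A read-only binary in a directory the user owns is still reported, because the user can rename or unlink it and drop a new file in its place.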

