SELinux - a call for end-of-life.

Ed Greshko Ed.Greshko at greshko.com
Thu Sep 2 13:58:51 UTC 2010


On 09/02/2010 08:41 PM, Tim wrote:
> Ed Greshko:
>>>> Are you saying that you think it is a good idea to be allowed to chown
>>>> of a file under your UID to another's UID as a normal user?
> Tim:
>>> You've never downloaded a file as one user, that another user wanted, or
>>> another of your own logins needed, and then had to move it from one to
>>> the other?
> Ed Greshko:
>> That wasn't my question....
> Well it was the situation I was originally talking about.  Are you
> saying that nobody should be allowed to do that?
>
I am saying that it would be fraught with danger.  You'd need to control
who and under what circumstances a given user would be allowed to disown
a file and transfer ownership to another.  I can see it being abused
(intentionally or unintentionally...due to mis-configuration or whatnot)
where an executable is "given" to a "target" and bad things could
result.  I just see that too much thought would be needed to put this
into practice. 

In real life, I don't think it is as easy or straightforward as imagined.


-- 
Q: Why should you always serve a Southern Carolina football man soup in
a plate? A: 'Cause if you give him a bowl, he'll throw it away. 葛斯克
愛德華 / 台北市八德路四段
