bash 3.1 update
peter.bieshaar at gmail.com
Thu Jan 5 13:00:09 UTC 2006
Agree to all above.
If I create a package (normally under Solaris, sorry I'm a Solaris person
and spying on you :) ) I make the permissions as strict as possible.
IMHO there is normally no reason WHY a binary executable should be readable.
I checked my laptop (FC4) and saw the permissions indeed 755 for bash. A 111
(---x--x--x) is normally enough for a binary. In very rare cases a suid/sgid
should (not) be set (see my grey hair). The kernel will still read it
through magic and kernel drivers. Script permissions are another story.
My strategy is to make it as difficult as possible for myself and try to secure
the system from bottom-up. In other words, I should re-define permissions as
strict as possible in the rpm. But that is another discussion.
This might be a point for FC6??
2006/1/5, Russell Coker <russell at coker.com.au>:
> On Wednesday 04 January 2006 07:16, darrell pfeifer <darrellpf at gmail.com>
> > I have very current rawhide system. This morning I updated bash,
> > selinux, coreutils, binutils, glibc....
> libsetrans-0.1.13-1 is broken in regard to rpm, which could potentially
> cause cascading failures. Best to upgrade or downgrade that package. Not sure
> it's related to your problem though.
> > I used a set of FC4 disks to boot into rescue mode. Bash had only read
> > permission for group/other. Changing bash to rw for everyone got me a
> > runnable system again.
> You certainly don't want rw for everyone! Bash should be mode 0755 or
> similar, r-x for everyone.
> http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/ My home page
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com
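
The message above separates binaries, which the kernel loads itself, from scripts, which an interpreter has to open. The sketch below is an added example, not code from this thread or from Fedora: it classifies files by their leading bytes and reports the permission points raised here. The function names and sample files are constructed for illustration.

```python
import stat
import tempfile
from pathlib import Path

ELF_MAGIC = b"\x7fELF"

def classify(path):
    """Classify by leading bytes: 'elf', 'script' (#!), 'other' or 'unreadable'."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except PermissionError:
        return "unreadable"  # e.g. an execute-only file inspected by a non-root user
    if head == ELF_MAGIC:
        return "elf"
    return "script" if head.startswith(b"#!") else "other"

def audit(path):
    """Return (octal mode string, kind, findings) for one file."""
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    kind = classify(path)
    findings = []
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/other")
    if mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("suid/sgid set")
    if kind == "elf" and mode & 0o011 and mode & 0o044:
        findings.append("group/other read not needed to execute")
    if kind == "script" and ((mode & 0o111) << 2) & ~mode:  # interpreter must open it
        findings.append("script has x without r for some class")
    return format(mode, "04o"), kind, findings

def demo():
    samples = {  # constructed files: name -> (content, mode)
        "elf_0755": (ELF_MAGIC + b"\x02\x01\x01\x00", 0o755),
        "elf_0777": (ELF_MAGIC + b"\x02\x01\x01\x00", 0o777),
        "script_0755": (b"#!/bin/sh\necho ok\n", 0o755),
        "script_0711": (b"#!/bin/sh\necho ok\n", 0o711),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (data, mode) in samples.items():
            path = Path(tmp, name)
            path.write_bytes(data)
            path.chmod(mode)
            results[name] = audit(path)
    return results

if __name__ == "__main__":
    print(*(f"{n}: {r}" for n, r in demo().items()), sep="\n")
```

Calling `audit()` on a real path such as `/bin/bash` gives the same three-part result; a file the caller cannot open is reported as `unreadable` instead of raising an error.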