More PATH fallout. Who decided this was a good idea?

Chris Adams cmadams at hiwaay.net
Sat Dec 6 06:26:32 UTC 2008


Once upon a time, Seth Vidal <skvidal at fedoraproject.org> said:
> And do we seriously think we can keep the code away from a non-root user 
> by chmodd'ing the binaries? A user can get a binary for anything 
> fedora can install in about 30s w/firefox.

The same really applies to RHEL, except it might take a few minutes.
There's not much reason for any file that isn't intended to be modified
(e.g. included in an RPM and not marked %config) to be "protected".

I opened a bug (441495) about BIND permissions (in RHEL 5 specifically
but Fedora as well) a while back, because the restricted permissions are
even stupider there; it is possible to allow a non-root user to use rndc
with permissions on the rndc config file, but RHEL/Fedora distribute
rndc owned root:root perms 0750.

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.



