More PATH fallout. Who decided this was a good idea?

Seth Vidal skvidal at fedoraproject.org
Sat Dec 6 06:06:41 UTC 2008



On Fri, 5 Dec 2008, Jesse Keating wrote:

> On Fri, 2008-12-05 at 20:29 -0500, Steve Grubb wrote:
>> These are required to be this way for our Common Criteria evaluations.
>
> Is the thought here that if the code can be executed by a non-root user,
> the audit of the code would have to be far more strict?  If you keep the
> user from being able to execute, you don't have to worry as much about
> how they might exploit it?

And do we seriously think we can keep the code away from a non-root user 
by chmodd'ing the binaries? A user can get a binary for anything 
fedora can install in about 30s w/firefox.

-sv






More information about the fedora-devel-list mailing list