few ideas how to make fedora better as a desktop
Jeff Spaleta
jspaleta at gmail.com
Thu Mar 27 20:59:02 UTC 2008
On Thu, Mar 27, 2008 at 12:32 PM, Chris Adams <cmadams at hiwaay.net> wrote:
>
> bin vs. sbin is not at all a security measure, since users can already
> run things in sbin just by using the full path (or adding the sbin dirs
> to their PATH).
>
By default its not... but on a multiuser system you can restrict access the
sbin directories
limiting access.. in a way that package updates don't revert your changes.
If our intent is to expose these binaries, and encourage a culture where
normal users can expect access to these paths and the binaries in them, then
it would make some sense to be sure we aren't creating an additional admin
burden that forces admins to re-restrict access to paths that Fedora users
come to expect.... for the sake of limiting access to a handle full of
setuid'd binaries.
-jef
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080327/720cfa22/attachment.htm>
More information about the fedora-devel-list
mailing list