few ideas how to make fedora better as a desktop

Andrew Farris lordmorgul at gmail.com
Thu Mar 27 21:45:45 UTC 2008


Jeff Spaleta wrote:
> On Thu, Mar 27, 2008 at 12:32 PM, Chris Adams <cmadams at hiwaay.net> wrote:
> 
>> bin vs. sbin is not at all a security measure, since users can already
>> run things in sbin just by using the full path (or adding the sbin dirs
>> to their PATH).
>>
> By default it's not... but on a multiuser system you can restrict access to the
> sbin directories,
> limiting access.. in a way that package updates don't revert your changes.
> 
> If our intent is to expose these binaries, and encourage a culture where
> normal users can expect access to these paths and the binaries in them, then
> it would make some sense to be sure we aren't creating an additional admin
> burden that forces admins to re-restrict access to paths that Fedora users
> come to expect.... for the sake of limiting access to a handful of
> setuid'd binaries.

Yes it should be carefully considered, but if the administrator has restricted access via 
perms or acls to those directories, then it will not matter if the user has them included 
in their path.  With access restrictions in place, a normal user typing ifconfig vs 
/sbin/ifconfig will get the same result -- denied access.  On a system where the access 
restrictions are not in place the result would differ.  So whether an administrator has 
restricted them or not should not affect how they behave (whether suid or not); they have 
access or they don't.  The security issue is there right now for suid binaries and the 
changes discussed so far here should not affect that security issue one way or the other.

-- 
Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
  gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3
No one now has, and no one will ever again get, the big picture. - Daniel Geer
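As an added illustration of the point argued above (example code, not part of the thread and not Fedora's tooling): the following POSIX shell script builds a constructed stand-in for /sbin in a temporary directory, reports whether the directory is traversable by "other" users and how many setuid binaries it holds, then applies the kind of restriction an administrator would apply and reports again. The directory names, file names and modes are invented for the example; the only assumption about the system is a find(1) that understands -maxdepth (GNU or BSD both do). Because the checks read permission bits rather than attempting execution, they give the same answer whether or not the auditing user is root, and whether or not the user's PATH includes the directory.

```shell
#!/bin/sh
# Added example (not from the thread): audit a directory the way an admin
# would audit /sbin after restricting it. The thread's point is that once the
# directory itself is locked down, it makes no difference whether a user
# reaches a binary through PATH or by its full path, so the things worth
# checking are the directory's own bits and which binaries inside are setuid.
# Requires a find(1) that understands -maxdepth (GNU or BSD).

# Print "yes" if the directory's "other" execute (traverse) bit is set, else "no".
dir_world_traversable() {
    if find "$1" -maxdepth 0 -type d -perm -001 | grep -q .; then
        echo yes
    else
        echo no
    fi
}

# Count regular files directly under the directory that carry the setuid bit.
count_setuid() {
    find "$1" -maxdepth 1 -type f -perm -4000 | wc -l | tr -d ' '
}

# Restrict a directory to owner and group, as the thread describes an admin doing.
restrict_dir() {
    chmod 750 "$1"
}

# Build a constructed stand-in for /sbin in a temporary directory. The names
# and modes are invented for the example; they are not Fedora's real layout.
make_fake_sbin() {
    d=$(mktemp -d)
    for name in ifconfig route ping; do
        printf '#!/bin/sh\necho "fake %s"\n' "$name" > "$d/$name"
        chmod 755 "$d/$name"
    done
    chmod 4755 "$d/ping"   # the lone setuid binary in this constructed tree
    chmod 755 "$d"         # start from the usual world-traversable default
    echo "$d"
}

# Stand-alone demonstration: before and after restricting the directory.
sbin=$(make_fake_sbin)
echo "setuid binaries: $(count_setuid "$sbin")"
echo "world-traversable before: $(dir_world_traversable "$sbin")"
restrict_dir "$sbin"
echo "world-traversable after:  $(dir_world_traversable "$sbin")"
rm -rf "$sbin"
```

Run against a real /sbin or /usr/sbin, the same two functions show what an update-proof restriction looks like from the auditing side: the directory bits are what deny a non-member, and the setuid count is the set of binaries whose exposure the directory restriction is actually gating.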