Directory structures in the future and other things I want.
Jesse Keating
jkeating at redhat.com
Thu Mar 27 22:55:12 UTC 2008
On Thu, 2008-03-27 at 14:43 -0800, Jeff Spaleta wrote:
>
>
> The question is, do we have programs down the sbins that make the wrong
> assumption about path segregation equalling protection? And if so, how
> many? The obvious ones to me that need scrutiny are the executables that
> are setuid root. Do we need to take some extra care about those setuid'd
> executables?
This question applies today regardless of default path statements.
Absolutely nothing on a default Fedora system prevents me as a non-root
user from calling any setuid binary from (/usr)/sbin. Nothing. If
we're concerned about the security of these things, we would have to
audit them regardless of any path changes. Period.
--
Jesse Keating
Fedora -- All my bits are free, are yours?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080327/d5db91a1/attachment.sig>
More information about the fedora-devel-list
mailing list