Directory structures in the future and other things I want.
Daniel P. Berrange
berrange at redhat.com
Thu Mar 27 22:52:21 UTC 2008
On Thu, Mar 27, 2008 at 02:43:51PM -0800, Jeff Spaleta wrote:
> 2008/3/27 Jesse Keating <jkeating at redhat.com>:
>
> >
> > Again, this argument is bunk. If they're not supposed to be ran by
> > normal users, hiding them behind a path is no form of security. One can
> > just run the full path to it. If they're not supposed to be ran by
> > users, they should have correct permissions on them, or they should
> > check EUID of the caller before doing anything.
> >
>
>
> The question is, do we have programs down the sbins that make the wrong
> assumption about path segregation equalling protection? And if so, how
> many? The obvious ones to me that need scrutiny are the executables that
> are setuid root. Do we need to take some extra care about those setuid'd
> executables?
The only problem is potentially the way we use console-helper for various
apps. eg, you have '/usr/bin/virt-manager' and '/usr/sbin/virt-manager'
and relies on the fact that /usr/bin is first in the path to make sure
the user runs the console-helper variant rather than the real binary.
As long as /sbin, and /usr/sbin come last in the $PATH it should be OK
though & of course this is scheduled for replacement with PolicyKit anyway
Dan.
--
|: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
More information about the fedora-devel-list
mailing list