Directory structures in the future and other things I want.

Daniel P. Berrange berrange at redhat.com
Thu Mar 27 22:52:21 UTC 2008


On Thu, Mar 27, 2008 at 02:43:51PM -0800, Jeff Spaleta wrote:
> 2008/3/27 Jesse Keating <jkeating at redhat.com>:
> 
> >
> > Again, this argument is bunk.  If they're not supposed to be run by
> > normal users, hiding them behind a path is no form of security.  One can
> > just run the full path to it.  If they're not supposed to be run by
> > users, they should have correct permissions on them, or they should
> > check EUID of the caller before doing anything.
> >
> 
> 
> The question is, do we have programs down the sbins that make the wrong
> assumption about path segregation equalling protection?  And if so, how
> many?  The obvious ones to me that need scrutiny are the executables that
> are setuid root.  Do we need to take some extra care about those setuid'd
> executables?

The only problem is potentially the way we use console-helper for various
apps. e.g. you have '/usr/bin/virt-manager' and '/usr/sbin/virt-manager',
and it relies on the fact that /usr/bin is first in the path to make sure
the user runs the console-helper variant rather than the real binary.
As long as /sbin and /usr/sbin come last in the $PATH it should be OK
though, & of course this is scheduled for replacement with PolicyKit anyway.

Dan.
-- 
|: Red Hat, Engineering, Boston   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
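As an added example (not code from the thread or from any of the projects mentioned in it), the checks below make the two points above concrete for an auditor: whether a PATH string keeps every sbin directory after every bin directory (the precondition Dan's reply relies on so that the console-helper wrapper in /usr/bin shadows the real binary in /usr/sbin), which directory a given command name actually resolves to under that PATH, and a listing of the setuid-root executables under the sbin directories, which Jesse's point identifies as the ones that must rely on permissions or an EUID check rather than on their location. The name `virt-manager` comes from the reply; the sample PATH strings and the function names are constructed here for illustration.

```shell
#!/bin/sh
# Added example, not from the fedora-devel thread. POSIX sh; no external
# dependencies beyond find(1). Function names are illustrative, not from any project.

# path_sbin_last 'PATH_STRING'
#   Exit status 0 when no sbin directory precedes a bin directory, i.e. when
#   /usr/bin/<wrapper> is guaranteed to be found before /usr/sbin/<real binary>.
#   Runs in a subshell so the IFS change does not leak to the caller.
path_sbin_last() (
  IFS=':'
  i=0; first_sbin=0; last_bin=0
  for dir in $1; do
    i=$((i + 1))
    case "$dir" in
      */sbin) [ "$first_sbin" -eq 0 ] && first_sbin=$i ;;
      */bin)  last_bin=$i ;;
    esac
  done
  # Safe when there is no sbin entry at all, or the first sbin entry comes
  # after the last bin entry.
  [ "$first_sbin" -eq 0 ] || [ "$first_sbin" -gt "$last_bin" ]
)

# first_match NAME 'PATH_STRING'
#   Prints the first directory in PATH_STRING holding an executable NAME,
#   mirroring the lookup the shell performs; exit status 1 if none is found.
first_match() (
  IFS=':'
  for dir in $2; do
    if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
      printf '%s\n' "$dir"
      exit 0
    fi
  done
  exit 1
)

# list_setuid DIR...
#   Lists regular files with the setuid bit under the given directories.
#   These run with the owner's privileges regardless of where they live in
#   PATH, so each needs a permissions or EUID check of its own.
list_setuid() {
  find "$@" -xdev -type f -perm -4000 2>/dev/null
}

# Stand-alone demonstration on constructed PATH strings and the live environment.
if path_sbin_last '/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin'; then
  echo "constructed PATH #1: sbin dirs come after bin dirs (wrapper shadows real binary)"
fi
if ! path_sbin_last '/sbin:/usr/sbin:/usr/bin:/bin'; then
  echo "constructed PATH #2: a sbin dir precedes a bin dir (real binary would win)"
fi
if path_sbin_last "$PATH"; then
  echo "current PATH: ordering is safe"
else
  echo "current PATH: a sbin dir precedes a bin dir"
fi
first_match virt-manager "$PATH" || echo "virt-manager: not found in current PATH"
echo "setuid executables under /sbin and /usr/sbin:"
list_setuid /sbin /usr/sbin || true
```

The ordering check deliberately matches any directory whose last component is `sbin` or `bin`, so site-local additions such as /usr/local/sbin or /opt/foo/bin are covered as well as the four directories named in the reply.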