[RFC] User Accessible Filesystem Hierarchy Standard

Jamethiel Knorth jamethknorth at hotmail.com
Wed Apr 7 01:36:24 UTC 2004


>Date: Tue, 6 Apr 2004 09:40:03 +0300
>From: "Doncho N. Gunchev" <mr700 at globalnet.bg>
>
>On Monday 05 April 2004 19:07, Robert Marcano wrote:
> > On Mon, 2004-04-05 at 11:30, Doncho N. Gunchev wrote:
> > > On Monday 05 April 2004 17:17, Michael A. Peters wrote:
> > > > ...
> > > > I personally don't like the idea.
> > > > If I want a bin directory in my home directory - export PATH=~/bin:$PATH
> > > >
> > > > The problem I see is security. A virus cannot alter binaries it does
> > > > not have permission to alter, and that is why binaries, config files,
> > > > default templates, etc. should be installed with root ownership by the
> > > > root user.
> > >     A virus/worm can damage only files owned by the user, so with
> > > or without binaries owned by the user who has run the virus/worm
> > > in her/his home, it can make the same damage. A virus/worm can make
> > > ~/.bin and also export PATH="~/.bin:$PATH" from your ~/.bashrc.
> > > What's the difference? The only way to stop the user from running
> > > untrusted applications is to mount /home and /tmp with noexec,
> > > which breaks some applications (rpmbuild, mc) :(
> > >
> >
> > But if the system allows a user to install shared applications without
> > any kind of authentication, a virus or worm can access the files of any
> > user, or it can start key loggers or any other garbage
>     Shared for him/her only, not the whole system. These files will
>remain in the user's home directory only. There's no reason why another
>user should use them, or I did not get the idea right?

Actually, the idea does allow people to install shared programs. Part of the 
purpose of this is that a user can install a shared program without 
escalating their privileges. Of course, a system can be set up to prevent 
this. The main advantage in a home environment is that, if a user does 
install something, it needn't be installed with root permissions.

Looking at the current situation with Windows, it's fairly reasonable to 
assume that regular users will intentionally install programs without 
properly checking what they are and who made them. If they do this with root 
privileges, the program could influence every portion of their system and 
this could cause catastrophic problems.

However, if a user can install a shared program without ever having access 
to system directories, the overall damage of installing malware would be 
mitigated.

Due to this, I think that the shared directory would be an overall security 
improvement. (Remembering of course that it probably wouldn't exist in a 
corporate/lab environment)

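The thread's point of contention is what a user-writable directory at the front of PATH buys an attacker who already runs as that user. The script below is an added illustration, not code from the thread or from any Fedora component: it audits a PATH-style list for entries the invoking user can write to, resolves a command the way the shell does (first executable regular file along PATH), and then builds a constructed throwaway tree under a temp directory with a non-writable "system" bin and a writable per-user bin, both holding an "ls", to show that the user-owned copy wins once its directory is prepended. Function names, the demo tree and the echoed strings are this example's own assumptions.

```sh
#!/bin/sh
# Added example, not code from the thread: audit a PATH list for entries the
# current user can write to, and show how a prepended user-writable directory
# shadows a system command. The demo tree under a temp directory is constructed.

# Print, one per line, the PATH entries (of $1) the invoking user can write to.
# Caveat: for root, -w is true for every directory, so run this as the real user.
writable_path_entries() {
    _saved_ifs=$IFS
    IFS=:
    for d in $1; do
        [ -n "$d" ] || d=.              # an empty entry means "current directory"
        if [ -d "$d" ] && [ -w "$d" ]; then
            printf '%s\n' "$d"
        fi
    done
    IFS=$_saved_ifs
}

# Print the directory that supplies command $2 under PATH $1, i.e. the first
# entry holding an executable regular file of that name (the shell's own rule).
# Returns 1 and prints nothing when the command cannot be resolved.
resolve_in_path() {
    _saved_ifs=$IFS
    IFS=:
    for d in $1; do
        [ -n "$d" ] || d=.
        if [ -f "$d/$2" ] && [ -x "$d/$2" ]; then
            IFS=$_saved_ifs
            printf '%s\n' "$d"
            return 0
        fi
    done
    IFS=$_saved_ifs
    return 1
}

# Constructed demo: a non-writable "system" bin and a writable per-user bin,
# both holding an "ls". With the user bin first in PATH, the user-owned copy
# wins, which is exactly what a ~/.bashrc edit that prepends ~/.bin relies on.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/home/bin"
    printf '#!/bin/sh\necho real ls\n'   > "$root/usr/bin/ls"
    printf '#!/bin/sh\necho trojan ls\n' > "$root/home/bin/ls"
    chmod 755 "$root/usr/bin/ls" "$root/home/bin/ls"
    chmod 555 "$root/usr/bin"           # stand-in for a root-owned directory
    path="$root/home/bin:$root/usr/bin"
    echo "user-writable PATH entries:"
    writable_path_entries "$path"
    echo "ls resolves to: $(resolve_in_path "$path" ls)"
    chmod 755 "$root/usr/bin"
    rm -rf "$root"
}

demo
```

Run as the ordinary user, not root, since root passes every -w test; the interesting output is that the only writable entry is the per-user bin and that "ls" resolves there, which is the same whether the user put that directory in PATH deliberately or a program running as the user did it through ~/.bashrc.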
More information about the fedora-devel-list mailing list