[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: More PATH fallout. Who decided this was a good idea?





On Fri, 5 Dec 2008, Jesse Keating wrote:

On Fri, 2008-12-05 at 20:29 -0500, Steve Grubb wrote:
These are required to be this way for our Common Criteria evaluations.

Is the thought here that if the code can be executed by a non-root user,
the audit of the code would have to be far more strict?  If you keep the
user from being able to execute, you don't have to worry as much about
how they might exploit it?

And do we seriously think we can keep the code away from a non-root user by chmodd'ing the binaries? A user can get a binary for anything fedora can install in about 30s w/firefox.

-sv




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]