[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: More PATH fallout. Who decided this was a good idea?

Once upon a time, Seth Vidal <skvidal fedoraproject org> said:
> And do we seriously think we can keep the code away from a non-root user 
> by chmodd'ing the binaries? A user can get a binary for anything 
> fedora can install in about 30s w/firefox.

The same really applies to RHEL, except it might take a few minutes.
There's not much reason for any file that isn't intended to be modified
(e.g. included in an RPM and not marked %config) to be "protected".

I opened a bug (441495) about BIND permissions (in RHEL 5 specifically
but Fedora as well) a while back, because the restricted permissions are
even stupider there; it is possible to allow a non-root user to use rndc
with permissions on the rndc config file, but RHEL/Fedora distribute
rndc owned root:root perms 0750.

Chris Adams <cmadams hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]