More PATH fallout. Who decided this was a good idea?
Seth Vidal
skvidal at fedoraproject.org
Sat Dec 6 17:38:35 UTC 2008
On Sat, 6 Dec 2008, Kevin Kofler wrote:
> Jesse Keating wrote:
>
>> On Sat, 2008-12-06 at 07:48 -0500, Steve Grubb wrote:
>>> Sure and that can be audited. We can also point out that this act takes
>>> the system out of the certified configuration. So, if you need to be in
>>> the CAPP certified configuration, don't let users do this.
>>
>> To be CAPP certified, you can't have a web browser?
>
> Mounting the home directories with noexec should also prevent users from
> doing this.
and /tmp and /dev/shm and /var/tmp and /usr/tmp
:)
-sv
More information about the fedora-devel-list
mailing list