More PATH fallout. Who decided this was a good idea?

Seth Vidal skvidal at fedoraproject.org
Sat Dec 6 17:38:35 UTC 2008



On Sat, 6 Dec 2008, Kevin Kofler wrote:

> Jesse Keating wrote:
>
>> On Sat, 2008-12-06 at 07:48 -0500, Steve Grubb wrote:
>>> Sure and that can be audited. We can also point out that this act takes
>>> the system out of the certified configuration. So, if you need to be in
>>> the CAPP certified configuration, don't let users do this.
>>
>> To be CAPP certified, you can't have a web browser?
>
> Mounting the home directories with noexec should also prevent users from
> doing this.

and /tmp and /dev/shm and /var/tmp and /usr/tmp

:)

-sv




More information about the fedora-devel-list mailing list