[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: More PATH fallout. Who decided this was a good idea?



On Sat, 2008-12-06 at 13:05 -0500, Steve Grubb wrote:
> But even if we did use the filesystem capabilities, now you have a program with 
> elevated privileges and much more work has to be done to prove that its safe, 
> document its internal logic, and test its protection. Any program with file 
> system capabilities becomes a target for attack.
> 
> And all this work just for --help ?  Seriously.

Which is why we don't do all this work, because it is indeed stupid and
pointless, and we just chmod 755 /usr/sbin/user* and be done with it.
Relying purely on userspace to enforce security is fundamentally broken.
Face it, Fedora is never going to be certified. Why then would people
pay for RHEL. ;D

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]