Tim wrote:
> That isn't quite how I meant it. If you're able to create your own
> software, and you're not prevented from running it, then there's little
> point in restricting you from root access. You can already own the
> machine, with those abilities.
Erm, would you mind explaining that?
Unix permissions have *never* relied on compile-time security. You
*can't* over-write /etc/shadow, you *can't* su - to root, you *can't*
re-write the file system table without the appropriate permissions.
Yes, you can *compile* software to do that as an ordinary user, but
you'll still need to be root to run the program to get it to work
properly.
Compiled programs have no inherent (security) abilities over shell
scripts. [1]
James.
[1] Apart from the fact that the owner may be allowed to make them
setuid. Doesn't help much if the owner isn't root.
--
E-mail: james@ | Telsa ruthlessly depopulates the cuddly toy pile. There
aprilcottage.co.uk | is only room for so many penguins in any one house. Alan
| wakes. Telsa throws cuddly toys down the stairwell. Alan
| is struck by a blinding flash of penguin.
| -- Telsa Gwynne's Diary.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
