Re: Hourly Error Message of Unknown Provenance

On Mon, 8 Jun 2020 at 15:00, Doug H. <fedoraproject.org@xxxxxxxxxxx> wrote:
On Mon, Jun 8, 2020, at 10:54 AM, Tom Horsley wrote:
> I keep asking for people to point me to the huge list
> of exploits that certainly must exist given all the
> horrors expressed about running as root. 
> No one has ever been able to tell me where to find it.

I'm certain TLA folks could provide some reasons selinux was invented,
but then they'd have to kill us.

Don't know about exploits, but the big issue that I *think* comes from it is that can be created as root:root while you are doing things. Later you log back in as the user and don't have access to stuff you need to update, change, delete, etc.
 
Agree: Linux maintainers spend a lot of their time triaging bug reports, so
measures that reduce ways users can screw things up are important.
A good example is Fedora's download, reboot, update mechanism.

Maybe the OP didn't file a bug report, but others would. I've seen many
problems created by abuses of sudo that sprinkle filesystems with
permissions that prevent regular users from doing normal things. I work
with a couple large applications from ESA and NASA that regularly get
problem reports where the underlying problem was a sudo install. Both
applications have substantial download on demand data components
running in background, so fail badly when root:root owns the directory
trees.

If the OP really has a use case where disabling selinux and running as root
is necessary (and doesn't have unpleasant side effects) they should
discuss it in an selinux forum to make sure there isn't some more rootless
selinux way to accomplish the tasks.

--
George N. White III
