On Monday 05 April 2004 17:17, Michael A. Peters wrote:
> ...
> I personally don't like the idea.
> If I want a bin directory in my home directory - export PATH=~/bin:$PATH
>
> The problem I see is security. A virus can not alter binaries it does
> not have permission to alter, and that is why binaries, config files,
> default templates, etc. should be installed with root ownership by the
> root user.
A virus/worm can damage only files owned by the user, so with
or without binaries owned by the user who has run the virus/worm
in her/his home, it can make the same damage. A virus/worm can make
~/.bin and also export PATH="~/.bin:$PATH" from your ~/.bashrc.
What's the diference? The only way to stop the user from running
untrusted applications is to mount /home and /tmp with noexec,
which breaks some applications (rpmbuild, mc) :(
> ...
--
Regards,
Doncho N. Gunchev Registered Linux User #291323 at counter.li.org
GPG-Key-ID: 1024D/DA454F79
Key fingerprint = 684F 688B C508 C609 0371 5E0F A089 CB15 DA45 4F79
