Re: [RFC] User Accesable Filesystem Hierarchy Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2004-04-05 at 11:30, Doncho N. Gunchev wrote:
> On Monday 05 April 2004 17:17, Michael A. Peters wrote:
> > ...
> > I personally don't like the idea.
> > If I want a bin directory in my home directory - export PATH=~/bin:$PATH
> > 
> > The problem I see is security. A virus can not alter binaries it does
> > not have permission to alter, and that is why binaries, config files,
> > default templates, etc. should be installed with root ownership by the
> > root user.
>     A virus/worm can damage only files owned by the user, so with
> or without binaries owned by the user who has run the virus/worm
> in her/his home, it can make the same damage. A virus/worm can make
> ~/.bin and also export PATH="~/.bin:$PATH" from your ~/.bashrc.
> What's the diference? The only way to stop the user from running
> untrusted applications is to mount /home and /tmp with noexec,
> which breaks some applications (rpmbuild, mc) :(
> 

But if the system allow an user to install shared applications without
any kind of authentication, a virus or worm can access the files of any
user, or it can start key loggers or any other garbage

> > ...
> 
> -- 
> Regards,
>   Doncho N. Gunchev    Registered Linux User #291323 at counter.li.org
>   GPG-Key-ID: 1024D/DA454F79
>   Key fingerprint = 684F 688B C508 C609 0371  5E0F A089 CB15 DA45 4F79
-- 
Robert Marcano



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux