On Monday 05 April 2004 19:07, Robert Marcano wrote:
> On Mon, 2004-04-05 at 11:30, Doncho N. Gunchev wrote:
> > On Monday 05 April 2004 17:17, Michael A. Peters wrote:
> > > ...
> > > I personally don't like the idea.
> > > If I want a bin directory in my home directory - export PATH=~/bin:$PATH
> > >
> > > The problem I see is security. A virus can not alter binaries it does
> > > not have permission to alter, and that is why binaries, config files,
> > > default templates, etc. should be installed with root ownership by the
> > > root user.
> > A virus/worm can damage only files owned by the user, so with
> > or without binaries owned by the user who has run the virus/worm
> > in her/his home, it can make the same damage. A virus/worm can make
> > ~/.bin and also export PATH="~/.bin:$PATH" from your ~/.bashrc.
> > What's the diference? The only way to stop the user from running
> > untrusted applications is to mount /home and /tmp with noexec,
> > which breaks some applications (rpmbuild, mc) :(
> >
>
> But if the system allow an user to install shared applications without
> any kind of authentication, a virus or worm can access the files of any
> user, or it can start key loggers or any other garbage
Shared for him/her only, not the whole system. These files will
remain in the user's home directory only. There's no reason why another
user should use them, or I did not get the idea right?
--
Regards,
Doncho N. Gunchev Registered Linux User #291323 at counter.li.org
GPG-Key-ID: 1024D/DA454F79
Key fingerprint = 684F 688B C508 C609 0371 5E0F A089 CB15 DA45 4F79
