Re: More PATH fallout. Who decided this was a good idea?

On Saturday 06 December 2008 11:52:38 Jesse Keating wrote:
> On Sat, 2008-12-06 at 07:48 -0500, Steve Grubb wrote:
> > Sure and that can be audited. We can also point out that this act takes
> > the system out of the certified configuration. So, if you need to be in
> > the CAPP certified configuration, don't let users do this.
>
> To be CAPP certified, you can't have a web browser?

Not sure where you are going with this line of questions, but yes there are 
console packages with utilities in the CAPP package set that could be used to 
grab remote files. Curl, elinks, and ftp are a few I spotted during a quick 
look. The admin would need to chmod those to prevent their unauthorized use or 
take some other measure to protect the system to maintain their config.

The bottom line is that we aren't making shadow-utils setuid root so that
--help works.  :)

-Steve

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
