On Sat, 2008-12-06 at 13:05 -0500, Steve Grubb wrote: > But even if we did use the filesystem capabilities, now you have a program with > elevated privileges and much more work has to be done to prove that its safe, > document its internal logic, and test its protection. Any program with file > system capabilities becomes a target for attack. > > And all this work just for --help ? Seriously. Which is why we don't do all this work, because it is indeed stupid and pointless, and we just chmod 755 /usr/sbin/user* and be done with it. Relying purely on userspace to enforce security is fundamentally broken. Face it, Fedora is never going to be certified. Why then would people pay for RHEL. ;D
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
