Stefan Schulze Frielinghaus píše v Út 26. 01. 2010 v 11:16 +0100:
> On Mon, 2010-01-25 at 14:48 -0600, Garrett Holmstrom wrote:
> > On Mon, Jan 25, 2010 at 11:54 AM, Till Maas <opensource@xxxxxxxxx> wrote:
> > > On Mon, Jan 25, 2010 at 12:45:26PM -0500, Mike McLean wrote:
> > >
> > >> Furthermore, when the user is root, the 0555 mode will not prevent
> > >> writing as it would for normal users.
> > >
> > > It does not matter, whether the user is root, but whether he has the
> > > dac_override capability. If you read the original mail (1st paragraph)
> > > again with this in mind, you will understand the reason for the change.
> >
> > Does a lack of the dac_override capability prevent root from chmod'ing
> > its own files?
>
> I had the same question too ;-) and did a quick test. The result was, if
> you drop all capabilities, you are still allowed to chmod your files.
>
> So the benefit of removing write permissions is questionable to me.
> Maybe someone else can bring in some light?
Right, it only protects against arbitrary file overwrite (e.g. someone
passing "../../../usr/bin" as a file name). It doesn't protect against
arbitrary code execution.
I have withdrawn the proposal for F13. We could fully protect the
binaries by making them owned by some other user than root, but that
change would be much more invasive and risky, and I won't be able to do
enough testing to propose such a change at this time.
Thanks for all comments,
Mirek
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
