Quoting Miloslav Trmač (mitr@xxxxxxxx):
> Stefan Schulze Frielinghaus wrote on Tue 26. 01. 2010 at 11:16 +0100:
> > On Mon, 2010-01-25 at 14:48 -0600, Garrett Holmstrom wrote:
> > > On Mon, Jan 25, 2010 at 11:54 AM, Till Maas <opensource@xxxxxxxxx> wrote:
> > > > On Mon, Jan 25, 2010 at 12:45:26PM -0500, Mike McLean wrote:
> > > >
> > > >> Furthermore, when the user is root, the 0555 mode will not prevent
> > > >> writing as it would for normal users.
> > > >
> > > > It does not matter, whether the user is root, but whether he has the
> > > > dac_override capability. If you read the original mail (1st paragraph)
> > > > again with this in mind, you will understand the reason for the change.
> > >
> > > Does a lack of the dac_override capability prevent root from chmod'ing
> > > its own files?
> >
> > I had the same question too ;-) and did a quick test. The result was, if
> > you drop all capabilities, you are still allowed to chmod your files.
> >
> > So the benefit of removing write permissions is questionable to me.
> > Maybe someone else can bring in some light?
> Right, it only protects against arbitrary file overwrite (e.g. someone
> passing "../../../usr/bin" as a file name). It doesn't protect against
> arbitrary code execution.
>
> I have withdrawn the proposal for F13. We could fully protect the
> binaries by making them owned by some other user than root, but that

Note that the inverse - the files being owned by root and a daemon
running as non-root with a few capabilities - is also useful.

> change would be much more invasive and risky, and I won't be able to do
> enough testing to propose such a change at this time.
>
> Thanks for all comments,
> Mirek
>
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
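The quick test mentioned in the thread can be reproduced as follows. This is an added example, not code from any of the posters: it clears the effective capability set (so CAP_DAC_OVERRIDE is gone, as for a daemon that keeps uid 0 but drops capabilities), then tries to write to a 0555 file it owns, chmod it, and write again. The scratch path and all function names are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/capability.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

enum { WRITE_DENIED = 1, CHMOD_ALLOWED = 2, WRITE_AFTER_CHMOD = 4 };

/* Clear the effective capability set; the permitted set is left alone.
 * For an ordinary user the effective set is already empty. */
static int drop_effective_caps(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    if (syscall(SYS_capget, &hdr, data) != 0) return -1;
    data[0].effective = data[1].effective = 0;
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Runs in a child: attempt the three operations discussed in the thread. */
static int probe(const char *path) {
    int result = 0, fd;
    if (drop_effective_caps() != 0) return 0;
    fd = open(path, O_WRONLY);                 /* file mode is 0555 here */
    if (fd < 0) result |= WRITE_DENIED; else close(fd);
    if (chmod(path, 0755) == 0)                /* the owner needs no capability */
        result |= CHMOD_ALLOWED;
    fd = open(path, O_WRONLY);
    if (fd >= 0) { result |= WRITE_AFTER_CHMOD; close(fd); }
    return result;
}

/* Create a 0555 file owned by the caller, probe it in a child, clean up. */
int run_dac_demo(void) {
    char path[] = "/tmp/dac_demo_XXXXXX";      /* constructed scratch file */
    int status = 0, fd = mkstemp(path);
    if (fd < 0) return -1;
    fchmod(fd, 0555);
    close(fd);
    pid_t pid = fork();
    if (pid == 0) _exit(probe(path));
    if (pid > 0) waitpid(pid, &status, 0);
    unlink(path);
    return (pid > 0 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    return run_dac_demo() == (WRITE_DENIED | CHMOD_ALLOWED | WRITE_AFTER_CHMOD) ? 0 : 1;
}
```

All three flags being set matches the result reported in the thread: without CAP_DAC_OVERRIDE the 0555 mode blocks a direct overwrite, but the owner can still chmod the file and then write to it.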