On Fri, Apr 13, 2012 at 2:16 PM, Frank Ch. Eigler <fche@xxxxxxxxxx> wrote:
>
> ajax wrote:
>
>> [...]
>>> If this is meant to cover administrative binaries that have no
>>> privilege escalation pieces of their own, merely run by root, then
>>> what makes them different from any other /bin/* program that a root
>>> process might invoke?
>>
>> It's not meant to cover that. That phrasing is meant to cover system
>> components like init that do not function _unless_ run as uid 0.
>
> OK. Can you point to an attack scenario against such binaries that
> would not also apply against some non-uid0-only binary that root
> may incidentally run?

The intent wasn't to imply that these were the only binaries that
would benefit from this protection, just to point out that this is a
good idea and mandate it for a set of critical binaries without
forcing it distro-wide, which would apply it to binaries that might
not benefit from it and needlessly suffer a performance hit or build
failure.

-J

> - FChE
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel

--
http://cecinestpasunefromage.wordpress.com/
------------------------------------------------
in your fear, seek only peace
in your fear, seek only love

-d. bowie