Le dimanche 24 mars 2013 à 09:05 -0400, Nico Kadel-Garcia a écrit : > On Sat, Mar 23, 2013 at 11:08 PM, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote: > > Miloslav Trmač wrote: > >> BTW determining this accurately should be fairly doable[1]. Just look > >> for symlink() and link() calls (and recursively through wrapper APIs / > >> language bindings). These syscalls are fairly rare. > > > > That checks for PROGRAMS which run into this. It catches neither admin's > > custom scripts nor ln commands run directly by the users. Who knows on how > > many machines manually created symlinks point to inodes owned by different > > users? > > For example, I've been known to link /sbin programs to $HOME/bin/. on > hosts I use and do not have root access on, so that "traceroute" iour > "chkconfig" or the "hardlink" program are always avaialble. The > decision to leave "/sbin" out of the default PATH except for root > users has created many interesting such situations. You can also just fix the path for your user. > This is especially > true in environments where commercial or experimental versions of gcc > or Java are instlled in /usr/local/gcc or /usr/local/java or > /opt/[package] on some hosts and not others, and need to be activated > on a user-by-user basis. Unless your $HOME/bin is using a sticky bit and is world writable like /tmp, this will change nothing for you. See http://users.sosdg.org/~qiyong/lxr/source/Documentation/sysctl/fs.txt#L160 for more information. Also, for the record, Debian also enable it for the next stable release : http://womble.decadent.org.uk/blog/whats-in-the-linux-kernel-for-debian-70-wheezy-part-1.html ( along other interesting things, like disable autoloading for seldomly used network protocols ) -- Michael Scherer -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
