On 30.10.2013 13:00, Alec Leamas wrote:
> On 2013-10-30 12:25, Reindl Harald wrote:
>> i gave you a starting point to learn about security and the reason
>> for sftp-chroot doing so is that someone could use race-conditions
>> to bypass the security
>>
>> if you do not understand that allowing any random application running
>> with your normal user permissions place a binary inside PATH is a bad
>> idea i really can not help you
>>
>> security is *always* a process and layered, there are a lot of things
>> to consider in different levels and while you can not gain 100%
>> security you can make it harder to bypass restrictions on several
>> places and doing things which are clearly against is not smart
>>
>> you can decide that security is not that important for you
>> but a distribution as such should not make such wrong decisions for all users
>
> No, it should not. However, the right decision is in many cases a trade-off between security and usability, not
> always with a single answer. Allowing users to install sw (i. e., allowing random applications to put things in
> $PATH) has of course security implications. Dis-allowing has usability aspects. My personal view is that for the
> distribution the defaults should allow and support user-installed sw.

the distribution should *not* train users doing this in their userhome
that is why /usr/local exists and software besides packages belongs
there and should be installed as root, 1 out of 1000 users need
to install software in the userhome, if so they should learn
about the implications and have a small barrier

it's not that hard to edit .bash_profile but you need to do it by hand
which means you have to spend a thought about it which is completely
different to "i did not know about the door i never opened by myself"

> And, isn't this still a little off-topic?

no it is not because the topic is in the subject

> Current defaults already has ~/bin in $PATH, and user can certainly put
> things there. Isn't the issue here if having a hidden, writeable directory
> in $PATH is such a bad idea, given that users actually can install sw?

guess how many users are aware of the hidden directory compared
with "bin" in the userhome and how often someone may take a look

you can now argue that the user does not look in both of them
and i argue that exactly *this* is the problem

the defaults are dangerous for the majority of ordinary users
but there are users sometimes take a look what is in their
userhome the chance doing also in hidden subdirectories is
by zero
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
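The concern debated in this message, a user-writable and possibly hidden directory sitting in $PATH, can be checked on any account. The following is an added example, not part of the original message: a POSIX shell audit that lists the PATH entries the current user can write to and marks hidden directories and empty entries (which mean the current directory). The function names are made up for this example.

```shell
#!/bin/sh
# Added example: report PATH entries the current user can write to.
# Function names are made up for this example.

# is_hidden DIR: succeeds if some path component starts with a dot
# (other than "." and "..").
is_hidden() {
    case "/$1/" in
        */.[!./]*) return 0 ;;
    esac
    return 1
}

# audit_path PATHSTRING: prints "<flags> <dir>" for every entry that exists
# and is writable by the user running the script. Uses globals (POSIX sh
# has no "local").
audit_path() {
    rest="$1:"    # sentinel ":" so the last entry, even an empty one, is seen
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        flags=writable
        if [ -z "$dir" ]; then
            # An empty PATH entry means the current directory.
            dir=.
            flags="$flags,cwd"
        fi
        [ -d "$dir" ] && [ -w "$dir" ] || continue
        if is_hidden "$dir"; then
            flags="$flags,hidden"
        fi
        printf '%s %s\n' "$flags" "$dir"
    done
}

audit_path "$PATH"
```

Run it as the unprivileged account being checked; root can write everywhere, so as root every existing entry is listed.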