On 10/30/2013 01:08 PM, Reindl Harald wrote:
> On 30.10.2013 13:00, Alec Leamas wrote:
>> On 2013-10-30 12:25, Reindl Harald wrote:
>>> i gave you a starting point to learn about security and the reason
>>> for sftp-chroot doing so is that someone could use race-conditions
>>> to bypass the security
>>>
>>> if you do not understand that allowing any random application running
>>> with your normal user permissions place a binary inside PATH is a bad
>>> idea i really can not help you
>>>
>>> security is *always* a process and layered, there are a lot of things
>>> to consider in different levels and while you can not gain 100%
>>> security you can make it harder to bypass restrictions on several
>>> places and doing things which are clearly against is not smart
>>>
>>> you can decide that security is not that important for you
>>> but a distribution as such should not make such wrong decisions for all users
>>
>> No, it should not. However, the right decision is in many cases a trade-off between security and usability, not
>> always with a single answer. Allowing users to install sw (i. e., allowing random applications to put things in
>> $PATH) has of course security implications. Dis-allowing has usability aspects. My personal view is that for the
>> distribution the defaults should allow and support user-installed sw.
>
>>> the distribution should *not* train users doing this in their userhome
>>> that is why /usr/local exists and software besides packages belongs
>>> there and should be installed as root, 1 out of 1000 users need
>>> to install software in the userhome,
>>
>> Do you have any source for that assumption?
>> For example university students usually simply can't install as root.
>
> if so they should learn
> about the implications and have a small barrier

No, they should just install the software and be done with it.

> it's not that hard to edit .bash_profile but you need to do it by hand
> which means you have to spend a thought about it which is completely
> different to "i did not know about the door i never opened by myself"

Why should I do that? I expect `pip install --user` to install my
package without me having to fiddle with .bash_profile.

>> And, isn't this still a little off-topic?
>
> no it is not because the topic is in the subject
>
>> Current defaults already have ~/bin in $PATH, and users can certainly put
>> things there. Isn't the issue here if having a hidden, writeable directory
>> in $PATH is such a bad idea, given that users actually can install sw?
>
> guess how many users are aware of the hidden directory compared with
> "bin" in the userhome and how often someone may take a look

Also guess how many users don't care.
Do you have data to make anything else than a guess?

> you can now argue that the user does not look in both of them
> and i argue that exactly *this* is the problem
> the defaults are dangerous for the majority of ordinary users

I personally like that ~/bin contains what I put there myself by hand,
and ~/.local/bin has what was installed via pip.

> but there are users who sometimes take a look at what is in their userhome
> the chance of doing so also in hidden subdirectories is near zero

This is wild speculation.

You can just echo $PATH to see what directories are in $PATH.
Also, if you bother securing .bash_profile so that rogue programs can't
write into it, you can easily check if $PATH is set the way you want it.
If you don't bother, it doesn't matter if malware installs to
~/.local/bin/rootkit or ~/.rootkit
--
Petr³
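The check Petr describes at the end of the message (look at what `$PATH` contains and decide whether it is set the way you want) can be scripted. The following is an added example, not code from this thread or from the Fedora project: it walks a PATH-like string entry by entry and flags entries that are hidden (a component starting with `.`, such as `~/.local/bin`), writable by the invoking user (the case the thread is arguing about: anything running with that user's permissions can drop a binary there), missing, or relative. The function name `audit_path` and the flag names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from Fedora: audit a PATH value
# and flag the entries a user would want a second look at.
#   relative - not an absolute path; an empty entry ("a::b" or a trailing ":")
#              means the current directory, whatever that happens to be
#   hidden   - some component starts with "." (e.g. ~/.local/bin), so it does
#              not show up in a casual "ls ~"
#   writable - the invoking user can create files there, so any program
#              running with that user's permissions can place a binary in it
#   missing  - the directory does not exist (yet)
# The function name audit_path is an assumption of this example.

audit_path() {
    rest="$1:"                       # trailing ':' so the loop sees the last entry
    while [ -n "$rest" ]; do
        dir="${rest%%:*}"            # entry before the first ':'
        rest="${rest#*:}"            # everything after it
        [ -z "$dir" ] && dir="."     # an empty PATH entry means "."
        flags=""
        case "$dir" in
            /*) ;;
            *)  flags="relative" ;;
        esac
        # "/." followed by something other than "." or "/" marks a hidden
        # component; "." and ".." on their own are not hidden directories.
        case "$dir" in
            */.[!./]*|.[!./]*) flags="${flags:+$flags,}hidden" ;;
        esac
        if [ ! -d "$dir" ]; then
            flags="${flags:+$flags,}missing"
        elif [ -w "$dir" ]; then
            flags="${flags:+$flags,}writable"
        fi
        printf '%s\t%s\n' "$dir" "${flags:-ok}"
    done
}

# Stand-alone use: audit the caller's PATH, or a PATH-like string given as $1.
audit_path "${1:-$PATH}"
```

`-w` reports what the invoking user can do, which is exactly the thread's concern; it is always true for root, and a distribution-level check would additionally look at group- and world-writable bits, which this example does not. The trailing-colon case is included on purpose: an empty entry in `$PATH` silently adds the current working directory to the search order.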
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct