Re: $HOME/.local/bin in $PATH

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Am 30.10.2013 19:51, schrieb Bruno Wolff III:
> On Wed, Oct 30, 2013 at 19:15:11 +0100,
> Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>>
>> which is not possible at all, any application running with your
>> user can write in your home directory and any security relevant
>> bug in that application may result in changes
> 
> That doesn't have to be the case. selinux can be used to prevent some applications from doing that

and here again the word *some* which shows 100% security is impossible
anybody really have security as his daily job is knowing that

that's the reason why security is layered and finally ends in
offer as less as possible attack vectors all over these layers

* firewall
* network
* kernel
* OS userland
* filesystem permissions
* default settings
* applications

since the only way to gain 100% security is to remove the network cable
and lock USB/Firewire completly you are limited in make any of these
layers as secure as possible by not damage normal operations

because attacks these days are so much widespreaded and applications way
too complex that any knowledgable person would avoid to say "this is
for sure secure" fro whatever piece of software you can only find
a good balance between as secure as possible and no longer working

any software working with untrusted data has this problem and in
doubt there is only few software not working with untrusted data
because you hardly can be sure that a image, office-document, video
or PDF or whatever file received from your best friend was not already
modified on his machine to attack whatever applications without take notice

a few years ago people called me a paranoid idiot because i statet all
this multiple times, but after the news of the last 6 months most of
these people got very silent and you can be sure that it does not
need the NSA/CIA to take advantage of security holes

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux