Re: Requiring all files in /usr to be world-readable?


 



On Sunday, November 02, 2014 06:15:05 PM Lennart Poettering wrote:
> On Fri, 31.10.14 10:04, Andrew Lutomirski (luto@xxxxxxx) wrote:
> > I filed an FPC ticket: https://fedorahosted.org/fpc/ticket/467
> > 
> > Thoughts?
> 
> I very much agree with this, but I'd really prefer if we'd list what
> is allowed rather than just declare what is forbidden.
> 
> A short list like this should be everything we should allow in /usr:
> 
>   a) symlinks
>   b) directories with access mode 0555
>   c) files with access mode 0444 (optionally 0644 if owned by root user)
>   d) files with access mode 0555 (optionally 0755 if owned by root user)
>   e) files with access mode 2555 (optionally 2755 if owned by root user)
>   f) files with access mode 4555
> 
> Or something like that.
> 
> That said, there appears to be some form of cargo-cult programming
> around, for example the audit package carries a lot of nonsensical
> access modes, for security theatre reasons. Good luck with getting
> that package fixed!

Today's guru meditation: He who lives in glass house should not throw stones.

-Steve
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
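
The allow-list a) to f) quoted above can be turned into a tree audit. The following is an added example, not code from the thread or from Fedora; the function names `classify` and `audit` are hypothetical. It applies the list literally, so a root-owned directory at 0755 is reported because rule b) names only 0555.

```python
import os
import stat

# Allow-list from the quoted message: (file type, permission bits) -> rule letter.
# ROOT_ONLY holds the "optionally ... if owned by root user" variants.
ANY_OWNER = {
    ("dir", 0o0555): "b",
    ("file", 0o0444): "c",
    ("file", 0o0555): "d",
    ("file", 0o2555): "e",
    ("file", 0o4555): "f",
}
ROOT_ONLY = {
    ("file", 0o0644): "c",
    ("file", 0o0755): "d",
    ("file", 0o2755): "e",
}

def classify(st_mode, st_uid):
    """Return the rule letter (a-f) an inode satisfies, or None if none does."""
    if stat.S_ISLNK(st_mode):
        return "a"
    if stat.S_ISDIR(st_mode):
        kind = "dir"
    elif stat.S_ISREG(st_mode):
        kind = "file"
    else:
        return None  # devices, FIFOs and sockets are not on the list
    key = (kind, stat.S_IMODE(st_mode))  # includes setuid/setgid/sticky bits
    rule = ANY_OWNER.get(key)
    if rule is None and st_uid == 0:
        rule = ROOT_ONLY.get(key)
    return rule

def audit(root):
    """List (path, octal mode, uid) for entries below root that match no rule."""
    violations = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge the symlink itself, not its target
            if classify(st.st_mode, st.st_uid) is None:
                violations.append((path, "%04o" % stat.S_IMODE(st.st_mode), st.st_uid))
    return violations

if __name__ == "__main__":
    import sys
    for path, mode, uid in audit(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(mode, uid, path)
```

Directories that `os.walk` cannot read are skipped silently, so run the audit as root to cover the whole tree.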




