On Sunday, November 02, 2014 06:15:05 PM Lennart Poettering wrote:
> On Fri, 31.10.14 10:04, Andrew Lutomirski (luto@xxxxxxx) wrote:
> > I filed an FPC ticket: https://fedorahosted.org/fpc/ticket/467
> >
> > Thoughts?
>
> I very much agree with this, but I'd really prefer if we'd list what
> is allowed rather than just declare what is forbidden.
>
> A short list like this should be everything we should allow in /usr:
>
> a) symlinks
> b) directories with access mode 0555
> c) files with access mode 0444 (optionally 0644 if owned by root user)
> d) files with access mode 0555 (optionally 0755 if owned by root user)
> e) files with access mode 2555 (optionally 2755 if owned by root user)
> f) files with access mode 4555
>
> Or something like that.
>
> That said, there appears to be some form of cargo-cult programming
> around, for example the audit package carries a lot of nonsensical
> access modes, for security theatre reasons. Good luck with getting
> that package fixed!

Today's guru meditation: He who lives in a glass house should not throw stones.

-Steve
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
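
The allow-list in the quoted message, applied literally to a directory tree, as an added example that is not part of the original thread or any Fedora tooling. The function names and the default path `/usr` are assumptions of this example, and anything that is not a symlink, directory or regular file is reported because the list does not mention it.

```python
import os
import stat
import sys

# {permission bits: must the owner be root?} per items b) to f) of the list.
DIR_MODES = {0o555: False}                      # b)
FILE_MODES = {
    0o444: False, 0o644: True,                  # c)
    0o555: False, 0o755: True,                  # d)
    0o2555: False, 0o2755: True,                # e)
    0o4555: False,                              # f)
}

def allowed(st_mode, uid):
    """True if an lstat() mode and owner uid match one item of the list."""
    if stat.S_ISLNK(st_mode):
        return True                             # a) symlinks
    if stat.S_ISDIR(st_mode):
        table = DIR_MODES
    elif stat.S_ISREG(st_mode):
        table = FILE_MODES
    else:
        return False                            # devices, FIFOs, sockets are not listed
    perms = stat.S_IMODE(st_mode)               # rwx bits plus setuid/setgid/sticky
    if perms not in table:
        return False
    return uid == 0 or not table[perms]

def audit(root):
    """Return sorted (path, octal mode, uid) for entries under root not on the list."""
    findings = []
    # os.walk does not follow symlinks by default, so the walk stays inside root.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)                 # lstat: judge the link, not its target
            if not allowed(st.st_mode, st.st_uid):
                findings.append((path, "%04o" % stat.S_IMODE(st.st_mode), st.st_uid))
    return sorted(findings)

if __name__ == "__main__":
    # The tree to check is an assumption of this example; default is /usr.
    for path, mode, uid in audit(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(mode, uid, path)
```

Read literally, item b) flags the root-owned 0755 directories that are usual under /usr, since the list gives directories no "optionally 0755" variant.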