Once upon a time, Miloslav Trmač <mitr@xxxxxxxxxx> said: > What is the use case for such a blanket requirement? fpc/467 lists the virt thing I so far disagree with, and other uses cases in there actually need much less than all of /usr. Some packagers think they are being "clever" sometimes by making RPM-installed binaries non-world-readable. A (fixed) example I ran into a few years ago was the BIND packager; they reasoned that only root should "touch" BIND, so made /usr/sbin/rndc private. However, BIND is specifically set up to allow secure non-root control (key files), and this just made it where I had to download the RPM and unpack the rndc binary somewhere else. There is nothing gained by making RPM-provided files that are not locally configured not world-readable, with the possible exception of something that uses file locks on non-config files (which would be weird and I don't know of anything that does that). > Secondarily: The rationale that the executables of suid files are public and thus it is useless to make them non-readable is false for 1) any non-distribution packages Non-distribution packages, locally installed binaries, etc. are not covered by any Fedora policies, so please stop bringing up that red herring. Security-by-obscurity also doesn't help setuid binaries in the normal install paths (e.g. /usr/bin), because an attack could easily just switch over to metadata (file size, timestamps, etc.). -- Chris Adams <linux@xxxxxxxxxxx> -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
