On Aug 12, 2015 12:00 AM, "Mustafa Muhammad" <mustafa1024m@xxxxxxxxx> wrote:
>
>
> On Aug 11, 2015 11:29 PM, "Reindl Harald" <h.reindl@xxxxxxxxxxxxx> wrote:
> >
> >
> >
> > Am 11.08.2015 um 22:18 schrieb Mustafa Muhammad:
> >>
> >> > If I knew Mozilla's Linux binaries provided its own update mechanism
> >> > and notification, yes I would do exactly that.
> >>
> >> I am pretty sure they get updated just like Windows and OS X binaries,
> >> but the tar ball should be extracted in a user writable location
> >
> >
> > nonsense
> >
> > *if* you use binary tarballs they *should not* be extracted in a user writeable location as *no binary* whenever possible should have permissions allowing a ordinary user to change them
> >
> > they should be extracted to /usr/local/ with root-only write-permissions and you have to just start the application as root for updates - not only on Linux, on *any* operating system
> >
> > and since most users are not able to cope with this security principals package managers exists
> > _________________________________________
> >
> > http://www.tldp.org/HOWTO/Security-HOWTO/file-security.html
> >
> > World-writable files, particularly system files, can be a security hole if a cracker gains access to your system and modifies them. Additionally, world-writable directories are dangerous, since they allow a cracker to add or delete files as he wishes
>
> My home is not world writable.
> The way you pointed is the better way, of course, but I think even my simple way is better than waiting for package updates from the repos when an exploit is in the wild.
By the way, running an application as root, even fit just updating it is dangerous.
>
> > _________________________________________
> >
> > as long as you did not inherit that principles you have no clue about security and will be the first victim of exploits on non-windows systems
> >
> >
> > --
> > devel mailing list
> > devel@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/devel
> > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
