Re: Is it time to allow Chromium in Fedora?

On 11.08.2015 at 23:03, Mustafa Muhammad wrote:

On Aug 12, 2015 12:00 AM, "Mustafa Muhammad" <mustafa1024m@xxxxxxxxx> wrote:
 >
 >
 > On Aug 11, 2015 11:29 PM, "Reindl Harald" <h.reindl@xxxxxxxxxxxxx> wrote:
 > >
 > >
 > >
 > > On 11.08.2015 at 22:18, Mustafa Muhammad wrote:
 > >>
 > >>  > If I knew Mozilla's Linux binaries provided its own update mechanism
 > >>  > and notification, yes I would do exactly that.
 > >>
 > >> I am pretty sure they get updated just like Windows and OS X binaries,
 > >> but the tar ball should be extracted in a user writable location
 > >
 > >
 > > nonsense
 > >
 > > *if* you use binary tarballs they *should not* be extracted in a user writeable location as *no binary* whenever possible should have permissions allowing an ordinary user to change them
 > >
 > > they should be extracted to /usr/local/ with root-only write-permissions and you have to just start the application as root for updates - not only on Linux, on *any* operating system
 > >
 > > and since most users are not able to cope with these security principles package managers exist
 > > _________________________________________
 > >
 > > http://www.tldp.org/HOWTO/Security-HOWTO/file-security.html
 > >
 > > World-writable files, particularly system files, can be a security hole if a cracker gains access to your system and modifies them. Additionally, world-writable directories are dangerous, since they allow a cracker to add or delete files as he wishes
 >
 > My home is not world writable.
 > The way you pointed is the better way, of course, but I think even my simple way is better than waiting for package updates from the repos when an exploit is in the wild.

By the way, running an application as root, even for just updating it is dangerous

besides your home *is world writable* when a remote exploit happens to any application you are running

do some simple calculation what is more likely to be exploited:

* your application running with your user all day long
  handling random input data from all over the web

* your application started once as root only for the
  purpose of installing updates

if you don't realize the difference there is no help...


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
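
The permission rule argued in the message above (an extracted binary tarball should be owned by root and not writable by anyone else) can be checked mechanically. The following is an added example, not part of the original thread; the function name `audit_tree` and its output labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit an extracted application tree.
#
# audit_tree DIR [OWNER]
#   Prints one line per finding under DIR:
#     wrong-owner PATH              path is not owned by OWNER (default: root)
#     group-or-world-writable PATH  mode has the g+w or o+w bit set
#   Returns 0 if the tree is clean, 1 if there are findings,
#   2 if DIR is not a directory.
# Symlinks are skipped because their own mode bits are not meaningful.
audit_tree() {
    dir=$1
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "audit_tree: not a directory: $dir" >&2
        return 2
    fi

    report=$(
        # Anything the expected owner does not own could be replaced by
        # whoever does own it.
        find "$dir" ! -type l ! -user "$owner" \
            -exec printf 'wrong-owner %s\n' {} +
        # Group- or world-writable files and directories can be modified
        # or have entries swapped by other accounts.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec printf 'group-or-world-writable %s\n' {} +
    )

    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Typical call (the path is a constructed sample): audit_tree /usr/local/firefox
```

A tree extracted into a home directory is reported as `wrong-owner` throughout, which is the case the message argues against.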
