On 12 August 2015 at 09:33, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>
> On 12.08.2015 at 02:42, Thomas Daede wrote:
>>>>
>>>> *if* you use binary tarballs they *should not* be extracted in a user
>>>> writeable location as *no binary* whenever possible should have
>>>> permissions allowing an ordinary user to change them
>>>
>>>
>>> This is simply not the way how end users install original Mozilla
>>> Firefox binaries.
>>
>>
>> In addition, if you have write access to ~/, you can also change .bashrc
>> to add paths to executable files and do all sorts of other nasty things
>
>
> that's why chattr exists
>
> chattr +i ~/.bashrc
> chattr +i ~/.bash_profile
>
> [root@rh:~]$ touch /home/harry/.bashrc
> touch: cannot touch '/home/harry/.bashrc': Permission denied
>

However a compromised application that can write files can probably
make executable and fork too. So while immutable provides limited
protection, if the real attack surface is the web browser and the
worry is privilege escalation then overwriting .bashrc is a side show.

Having to run the browser as root to update it (which would remove
most of the advantage of automated updates by the Mozilla binary)
replaces exposing user privileges with exposing root privileges. If
you really wanted to be paranoid about this you'd make a separate user
account with write permission for that binary to be used for updates.
(Which is one of the reasons package managers are a good idea.)

--
imalone
http://ibmalone.blogspot.co.uk
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
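
The ownership question raised in this thread can be checked on an unpacked tarball. The following is an added example, not part of any message above: it lists what a given account could tamper with under an install tree, and shows that a tree owned by one account exposes nothing to a second account. `audit_tree`, `make_sample_tree`, the sample layout and the second UID are hypothetical, and only owner and mode bits are examined.

```shell
#!/bin/sh
# Added example. audit_tree, make_sample_tree and the sample layout are
# hypothetical; only owner and mode bits are checked (no groups, ACLs,
# sticky bit or chattr flags).

# List what numeric UID $2 could tamper with under tree $1:
#   DIR  <path>  directory the UID can write to, so any file inside can be
#                replaced by rename/unlink even if the file is read-only
#   FILE <path>  owner-executable file the UID can modify in place
audit_tree() {
    # -perm -200: owner write, -002: world write, -100: owner execute
    find "$1" -type d \( \( -user "$2" -perm -200 \) -o -perm -002 \) -print |
        sed 's/^/DIR /'
    find "$1" -type f -perm -100 \
        \( \( -user "$2" -perm -200 \) -o -perm -002 \) -print |
        sed 's/^/FILE /'
}

# Constructed sample: a browser unpacked from a tarball by the current user.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/firefox"
    printf '#!/bin/sh\n' > "$t/firefox/firefox-bin"
    printf '#!/bin/sh\n' > "$t/firefox/updater"
    chmod 755 "$t/firefox" "$t/firefox/updater"
    chmod 555 "$t/firefox/firefox-bin"
    echo "$t"
}

me=$(id -u)
other=$((me + 1))   # stands in for a separate account that does not own the tree
tree=$(make_sample_tree)
echo "as owner (uid $me):";    audit_tree "$tree" "$me"
echo "as other (uid $other):"; audit_tree "$tree" "$other"
rm -rf "$tree"
```

The read-only `firefox-bin` is not listed as a FILE for the owner, but its directory is listed as a DIR, so it can still be swapped out by that account.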