On 14 June 2018 at 16:23, Till Maas <opensource@xxxxxxxxx> wrote:
> On Wed, Jun 13, 2018 at 05:28:03PM -0400, Stephen John Smoogen wrote:
>
>> and some other remote filesystem which were common in universities and
>> thought safe by itself. Or the attack would be done by controlling one
>> host with root permissions and using NFS or some other global
>> filesystems to put a trojan in one system and then getting the admin
>> to execute it on a different system. This was why it was a security
>
> I do not follow why the attacker would only have access to ~/bin or
> ~/.local/bin and can only add files there but not read or modify other
> files.
>

I have seen all kinds of weird defaults in 'helper' programs where it wouldn't allow you to edit or overwrite existing files, but would allow you to drop in new things in some subdirectory. Usually it is trying to be helpful, and in most cases would not be a problem. The issue is getting it to chain-attack things so that you get what you want by looking for weaknesses.

Look, people keep asking why it was like this. I am trying to explain it. I am not defending it or saying we have to keep doing it that way... this is just that various tools have in the past been overly helpful and various security guidelines were designed to assume they will be again and that the OS should make the user's default environment as safe as possible.

The problem here is that most of those guidelines were written for a different age where you have thousands of people on the same machine and hundreds of machines mounting shared disks which might allow chain attacks. Those sites are not a place you find Fedora because by the time you rolled out a version all your bugs are closed as EOL. They are also not the problems that modern laptop users end up with, as just the Flatpak/snap model says most of the applications you are going to really use are in your home directory anyway.

>> finding for a long time in various checklists that user controlled bin
>> directories needed to be at the end of the path. It was also linked to
>
> IMHO "it is on a checklist" without proper justification is probably
> just security theater. There are enough possibilities to manipulate

I won't disagree it isn't security theatre. I also know that this is the sort of checkmark which gets an OS removed from being used in various sites and major fines for it. This is not as much a thing for us to deal with as the people who may want to deploy it in various environments where that is a problem. The change approval process should be enough notification.

--
Stephen J Smoogen.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/GSQWM6FUCXJ2GJTGCSLAJG4DS6NXJW3N/
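The checklist item the thread argues about, user-controlled bin directories sorted ahead of the system directories in PATH, as an added audit script that is not from the thread or the Fedora project; it assumes Fedora's usual system directories as the default trusted set (override via `system_dirs`) and reports which system commands a same-named file in an earlier user-writable or relative entry would shadow, plus a reordered PATH with those entries moved to the end.

```python
#!/usr/bin/env python3
"""Flag PATH entries a user (or anything running as the user) can write to
that sort before the system directories, and list the commands they shadow."""
import os
import stat

# Assumed defaults: Fedora's usual system bin directories; pass your own set.
SYSTEM_DIRS = ("/usr/local/bin", "/usr/bin", "/bin", "/usr/sbin", "/sbin")


def is_user_writable(directory):
    """True if the caller, their group, or everyone can create files here."""
    try:
        mode = os.stat(directory).st_mode
    except OSError:
        return False
    return os.access(directory, os.W_OK) or bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def executables_in(directory):
    """Names of executable regular files in a directory (empty if unreadable)."""
    try:
        names = os.listdir(directory)
    except OSError:
        return set()
    return {n for n in names if os.path.isfile(os.path.join(directory, n))
            and os.access(os.path.join(directory, n), os.X_OK)}


def audit_path(path_value, system_dirs=SYSTEM_DIRS):
    """Return (findings, safer_path): each relative or user-writable entry placed
    before the first system directory, with the system commands a same-named
    file there would shadow, and the PATH with those entries moved to the end."""
    entries = path_value.split(os.pathsep)
    sys_cmds = set().union(*(executables_in(d) for d in system_dirs))
    sys_positions = [i for i, e in enumerate(entries) if e in system_dirs]
    first_sys = sys_positions[0] if sys_positions else len(entries)
    findings, risky = [], []
    for i, entry in enumerate(entries[:first_sys]):
        relative = not os.path.isabs(entry)  # '' and '.' mean the current directory
        if not relative and not is_user_writable(entry):
            continue
        shadowed = [] if relative else sorted(sys_cmds & executables_in(entry))
        findings.append({"dir": entry, "position": i, "relative": relative,
                         "shadows": shadowed})
        risky.append(i)
    safer = [e for i, e in enumerate(entries) if i not in risky]
    safer += [entries[i] for i in risky]
    return findings, os.pathsep.join(safer)
```

Run it on a live session with `audit_path(os.environ["PATH"])`; an empty findings list means every directory ahead of the system set is one the user cannot write to.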