Jeff Spaleta wrote:
On Thu, Mar 27, 2008 at 12:32 PM, Chris Adams <cmadams@xxxxxxxxxx> wrote:
bin vs. sbin is not at all a security measure, since users can already
run things in sbin just by using the full path (or adding the sbin dirs
to their PATH).
By default its not... but on a multiuser system you can restrict access the
sbin directories
limiting access.. in a way that package updates don't revert your changes.
If our intent is to expose these binaries, and encourage a culture where
normal users can expect access to these paths and the binaries in them, then
it would make some sense to be sure we aren't creating an additional admin
burden that forces admins to re-restrict access to paths that Fedora users
come to expect.... for the sake of limiting access to a handle full of
setuid'd binaries.
Yes it should be carefully considered, but if the administrator has restricted access via
perms or acls to those directories, then it will not matter if the user has them included
in their path. With access restrictions in place, a normal user typing ifconfig vs
/sbin/ifconfig will get the same result -- denied access. On a system where the access
restrictions are not in place the result would differ. So if an administrator has
restricted them or not should not effect how they behave (whether suid or not); they have
access or they don't. The security issue is there right now for suid binaries and the
changes discussed so far here should not effect that security issue one way or the other.
--
Andrew Farris <lordmorgul@xxxxxxxxx> www.lordmorgul.net
gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3
No one now has, and no one will ever again get, the big picture. - Daniel Geer
---- ----
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
