On Thu, Mar 27, 2008 at 02:43:51PM -0800, Jeff Spaleta wrote:
> 2008/3/27 Jesse Keating <jkeating@xxxxxxxxxx>:
> >
> > Again, this argument is bunk. If they're not supposed to be run by
> > normal users, hiding them behind a path is no form of security. One can
> > just run the full path to it. If they're not supposed to be run by
> > users, they should have correct permissions on them, or they should
> > check the EUID of the caller before doing anything.
> >
>
> The question is, do we have programs down in the sbins that make the wrong
> assumption about path segregation equalling protection? And if so, how
> many? The obvious ones to me that need scrutiny are the executables that
> are setuid root. Do we need to take some extra care about those setuid'd
> executables?

The only problem is potentially the way we use console-helper for various
apps. E.g., you have '/usr/bin/virt-manager' and '/usr/sbin/virt-manager',
and it relies on the fact that /usr/bin is first in the path to make sure
the user runs the console-helper variant rather than the real binary.

As long as /sbin and /usr/sbin come last in the $PATH it should be OK
though, & of course this is scheduled for replacement with PolicyKit anyway.

Dan.

--
|: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
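The PATH assumption Dan describes above (a consolehelper wrapper in /usr/bin only "wins" over the real /usr/sbin binary if the sbin directories sort after the bin directories) is something you can audit. The script below is an added example written for this page; it is not code from the thread, from Fedora, or from consolehelper. It builds a throw-away directory tree (constructed here, reusing the name virt-manager from the thread purely for illustration) with the same program name in usr/bin and usr/sbin, then reports which directory each name resolves to under a given PATH string, which names are shadowed, and whether any sbin directory precedes a bin directory. Point `shadowed_names` and `sbin_last` at the real `$PATH` to run the same check on a live system.

```shell
#!/bin/sh
# Added example (not from the thread, Fedora or consolehelper): audit the
# "wrapper in /usr/bin shadows the real /usr/sbin binary" PATH assumption.
# The tree under $ROOT is constructed here; "virt-manager" is reused from
# the thread only as an illustrative name.
set -e

# Print the first directory in PATH string $1 that holds an executable
# named $2; return 1 if none does.  This is what the shell's lookup does.
first_hit() {
    (IFS=:; for d in $1; do
        if [ -x "$d/$2" ]; then printf '%s\n' "$d"; exit 0; fi
    done; exit 1)
}

# Return 0 if no directory ending in "sbin" precedes one ending in "bin"
# in PATH string $1, i.e. the ordering Dan says keeps the wrapper in front.
sbin_last() {
    (IFS=:; seen_sbin=0
    for d in $1; do
        case $d in
            */sbin) seen_sbin=1 ;;
            */bin)  [ "$seen_sbin" -eq 0 ] || exit 1 ;;
        esac
    done; exit 0)
}

# For every program name present in two or more directories of PATH
# string $1, print "name winner shadowed-dir ..." on one line.
shadowed_names() {
    path=$1
    (IFS=:; for d in $path; do
        for f in "$d"/*; do
            if [ -x "$f" ]; then basename "$f"; fi
        done
    done) | sort | uniq -d | while read -r name; do
        winner=$(first_hit "$path" "$name")
        rest=$(IFS=:; for d in $path; do
            if [ "$d" != "$winner" ] && [ -x "$d/$name" ]; then
                printf ' %s' "$d"
            fi
        done)
        printf '%s %s%s\n' "$name" "$winner" "$rest"
    done
}

# Build a throw-away tree with the same name in usr/bin (wrapper) and
# usr/sbin (real binary), as consolehelper-style packaging does; print root.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/usr/sbin"
    printf '#!/bin/sh\necho wrapper\n' > "$root/usr/bin/virt-manager"
    printf '#!/bin/sh\necho real\n'    > "$root/usr/sbin/virt-manager"
    printf '#!/bin/sh\n'               > "$root/usr/sbin/only-in-sbin"
    chmod 755 "$root/usr/bin/virt-manager" "$root/usr/sbin/virt-manager" \
              "$root/usr/sbin/only-in-sbin"
    printf '%s\n' "$root"
}

# Demo: a sane PATH (sbin last) next to an inverted one.
ROOT=$(make_demo_tree)
GOOD="$ROOT/usr/bin:$ROOT/usr/sbin"
BAD="$ROOT/usr/sbin:$ROOT/usr/bin"
for p in "$GOOD" "$BAD"; do
    if sbin_last "$p"; then order=ok; else order=INVERTED; fi
    printf 'PATH=%s sbin-last=%s\n' "$p" "$order"
    shadowed_names "$p"
    printf 'virt-manager resolves to: %s\n' "$(first_hit "$p" virt-manager)"
done
rm -rf "$ROOT"
```

Note that the check only tells you which copy an unqualified `virt-manager` runs; as Jesse's quoted point says, a user can always type the full /usr/sbin path, so the real binary still has to rely on file permissions or an EUID check rather than on being "hidden" in sbin.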