On Thu, 2008-03-27 at 14:43 -0800, Jeff Spaleta wrote:
> The question is, do we have programs down the sbins that make the wrong
> assumption about path segregation equalling protection? And if so, how
> many? The obvious ones to me that need scrutiny are the executables that
> are setuid root. Do we need to take some extra care about those setuid'd
> executables?

This question applies today regardless of default path statements.
Absolutely nothing on a default Fedora system prevents me as a non-root
user from calling any setuid binary from (/usr)/sbin. Nothing. If we're
concerned about the security of these things, we would have to audit
them regardless of any path changes. Period.

-- 
Jesse Keating
Fedora -- All my bits are free, are yours?

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
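
As an added example (not part of the original thread), the shell function below lists every setuid file under the given directories and marks whether the other-execute bit is set, which is what decides whether any local user can run it by absolute path, independent of PATH. The function name `audit_setuid` and the output format are assumptions of this example, and it relies on GNU `stat` as shipped on Fedora.

```shell
#!/bin/sh
# Added example: enumerate setuid files and show who can execute them.
# Assumes GNU stat (coreutils), as on Fedora.

# audit_setuid DIR...
# Prints one line per setuid regular file: "<reach> <mode> <owner> <path>"
#   any-user   = other-execute bit set: every local account can run it by
#                absolute path, whatever its PATH contains
#   restricted = other-execute bit clear: limited to the owner and/or
#                owning group
audit_setuid() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -perm -4000 matches the setuid bit; -xdev stays on one filesystem
        find "$dir" -xdev -type f -perm -4000 -print 2>/dev/null | sort |
        while IFS= read -r f; do
            mode=$(stat -c '%a' "$f") || continue
            owner=$(stat -c '%U' "$f") || continue
            case "$mode" in
                *[1357]) reach=any-user ;;    # last octal digit odd => o+x
                *)       reach=restricted ;;
            esac
            printf '%s %s %s %s\n' "$reach" "$mode" "$owner" "$f"
        done
    done
}

# The directories discussed in the thread.
audit_setuid /sbin /usr/sbin
```

Lines reported as `any-user` with owner `root` are the binaries whose audit the thread is about.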