01-29-2010, 03:54 PM
Richard Zidlicky
RFC: Remove write permissions from executables

On Thu, Jan 28, 2010 at 09:43:09AM -0600, Serge E. Hallyn wrote:
> Quoting Richard Zidlicky (rz@linux-m68k.org):
> > On Wed, Jan 27, 2010 at 11:11:41AM -0600, Serge E. Hallyn wrote:
> >
> > > > All in all I think it's a shame that the original proposal didn't work
> > > > out at this time. Having binaries owned by bin:bin does have Unix (but
> > > > not Linux AFAIK) tradition behind it.
> > >
> > > And remounting ro doesn't let a task with CAP_DAC_OVERRIDE write.
> >
> > read only fs is not necessarily a normal fs that's mounted ro. rpm could have
> > a hook to do whatever is necessary, it is just one program that needs modified.
> > Relying on do CAP_DAC_OVERRIDE has imho more potential for breakage and provides
> > less protection.
> Oh, right, this is for /bin and /sbin only isn't it - so ro fs could
> be good. I was thinking about /etc, which I guess isn't being considered
> yet.

It was more about the /usr fs. Yes, to have /etc ro it seems many hundreds of packages
would need changes. There is a long history of trying to make e.g. root ro and it is surely
used for specialised tasks sometimes.
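
The distinction debated in this thread, as an added example that is not part of the original post: a file on a read-only mount cannot be written even by a task holding CAP_DAC_OVERRIDE, while cleared write bits only stop tasks without that capability. The mount table and file modes below are constructed samples, and the function names are hypothetical.

```python
import stat

# Constructed sample in /proc/self/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

def parse_mounts(text):
    """Return {mountpoint: set(options)}; later entries override earlier ones."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounts[fields[1]] = set(fields[3].split(","))
    return mounts

def mount_for(path, mounts):
    """Longest mountpoint that is a whole-component prefix of path."""
    best = None
    for mp in mounts:
        prefix = mp.rstrip("/") + "/"
        if path == mp or path.startswith(prefix):
            if best is None or len(mp) > len(best):
                best = mp
    return best

def classify(path, mode, mounts):
    """Say which layer, if any, protects the file from modification."""
    mp = mount_for(path, mounts)
    if mp is not None and "ro" in mounts[mp]:
        # Writes fail with EROFS regardless of CAP_DAC_OVERRIDE.
        return "ro-mount"
    if mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
        # Some write bit is set: ordinary DAC already allows modification.
        return "writable-mode"
    # No write bits, but CAP_DAC_OVERRIDE bypasses the mode check.
    return "mode-only"

if __name__ == "__main__":
    table = parse_mounts(SAMPLE_MOUNTS)
    # Constructed (path, st_mode) pairs standing in for os.lstat() results.
    for path, mode in [("/usr/bin/ls", 0o100755), ("/bin/sh", 0o100755),
                       ("/bin/mount", 0o100555)]:
        print(f"{path:12} {stat.filemode(mode)} {classify(path, mode, table)}")
```

On a live system the same functions can be fed the contents of /proc/self/mounts and the st_mode from os.lstat(); mountpoints containing spaces appear there with octal escapes, which this sketch does not decode.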
