|| ||Seth Vidal <skvidal-AT-fedoraproject.org>|
|| ||Development discussions related to Fedora <fedora-devel-list-AT-redhat.com>|
|| ||Re: More PATH fallout. Who decided this was a good idea?|
|| ||Sat, 6 Dec 2008 01:06:41 -0500 (EST)|
On Fri, 5 Dec 2008, Jesse Keating wrote:
> On Fri, 2008-12-05 at 20:29 -0500, Steve Grubb wrote:
>> These are required to be this way for our Common Criteria evaluations.
> Is the thought here that if the code can be executed by a non-root user,
> the audit of the code would have to be far more strict? If you keep the
> user from being able to execute, you don't have to worry as much about
> how they might exploit it?
And do we seriously think we can keep the code away from a non-root user
by chmodd'ing the binaries? A user can get a binary for anything
fedora can install in about 30s w/firefox.
fedora-devel-list mailing list
to post comments)