LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Also

Also

Posted Apr 8, 2004 20:56 UTC (Thu) by Ross (subscriber, #4065)
In reply to: /usr/local/ ? by alspnost
Parent article: The User-Accessible Filesystem Hierarchy Standard

Give /usr/local the sticky bit so people can't remove or rename other
people's software. And mount it nosuid,nosgid so people can't play tricks
with software that runs as them no matter who uses it.

My biggest fear is that this opens the door to spreading malicious
software. There is nothing to stop a user from adding a command named
"cp" which does rm -rf $HOME. Similarly this opens the door to viruses.
In the past they only affected people who already had infected executables
in their home directory or people who used a system where the root user was
running infected executables.

(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.