Well, your POV is not wrong.

On 9/28/05, Tushar Teredesai <[EMAIL PROTECTED]> wrote:
> Yep, what is the security benefit when the malicious package can
> already install executables to the standard PATH?

The security benefit lies in the fact that when you run the executable as a normal user (since it can't be a root suid executable), it runs as an unprivileged process. If the executable goes to the /etc/rc.d/rc[1..5] ... directories, on the other hand, not only is it always run at system boot, but (which is a bigger security hole) it becomes a privileged process.

> What I (used to) do is to allow the packages to install scripts into
> /etc/rc.d/init.d but not allow them to create any symlinks. The
> symlinks would be created by the "install" user only.

Yes, you're right. It is enough to deny the installation script the ability to make symlinks in the rc[0..6].. dirs. I don't have much experience here, so I forgot that a script in the init.d directory alone isn't enough to get the executable to run at boot time.

In conclusion, I think it is a matter of how many packages try to install boot scripts _and_ symlinks. Up to now I have found only autofs trying to do this, and only for the init.d directory. Since there are probably no packages trying to install both boot scripts and symlinks, there is no point in giving them permission to write in these directories.

This conversation convinced me not to write the (poor) hint. Anyway... if I change my mind, I'll be back!

Bye bye
Luca
--
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
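The point made in the exchange above is that a script sitting in /etc/rc.d/init.d does nothing until a symlink in one of the rc[0-6].d directories enables it, and that only the "install" user should be able to create those symlinks. The following POSIX shell script is an added example written for this page (it is not code from the thread or from the BLFS book) that audits an rc.d tree from that angle: it lists which init.d scripts are actually enabled at boot, flags symlinks that point anywhere other than ../init.d/, and reports rc*.d directories that are group- or world-writable. It assumes the LFS-style layout of /etc/rc.d/init.d plus rc[0-6].d with relative ../init.d/<name> symlinks; the RCD variable, the function names and the constructed temporary tree used to exercise it are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original thread. Audits an rc.d tree of the
# form $RCD/init.d + $RCD/rc[0-6].d. RCD is an assumed variable; it defaults
# to the LFS location /etc/rc.d and can be pointed at a test tree.
RCD="${RCD:-/etc/rc.d}"

# enabled_scripts: print "<runlevel> <script>" for every S* symlink in an
# rcN.d directory that resolves into ../init.d/. A script that exists in
# init.d but has no such link is installed but never started at boot.
enabled_scripts() {
    for d in "$RCD"/rc[0-6].d; do
        [ -d "$d" ] || continue
        lvl=${d##*/}; lvl=${lvl#rc}; lvl=${lvl%.d}
        for l in "$d"/S*; do
            [ -L "$l" ] || continue
            target=$(readlink "$l")
            case "$target" in
                ../init.d/*) printf '%s %s\n' "$lvl" "${target#../init.d/}" ;;
            esac
        done
    done
}

# foreign_links: print every symlink in rc[0-6].d whose target is not of the
# form ../init.d/<name>. Such a link runs something from outside the
# controlled init.d directory as root at boot and deserves a look.
foreign_links() {
    for l in "$RCD"/rc[0-6].d/*; do
        [ -L "$l" ] || continue
        target=$(readlink "$l")
        case "$target" in
            ../init.d/*) ;;
            *) printf '%s -> %s\n' "$l" "$target" ;;
        esac
    done
}

# writable_rc_dirs: print rc[0-6].d directories that are group- or
# world-writable. If package build users can write here, they can enable
# their own scripts at boot, which is exactly what the thread wants to deny.
# The mode string comes from ls -ld (portable across GNU and BSD userlands):
# column 6 is the group write bit, column 9 the world write bit.
writable_rc_dirs() {
    for d in "$RCD"/rc[0-6].d; do
        [ -d "$d" ] || continue
        perm=$(ls -ld "$d" | cut -c1-10)
        case "$perm" in
            d????w????|d???????w?) printf '%s %s\n' "$perm" "$d" ;;
        esac
    done
}

# build_sample_tree: construct a small rc.d tree in a temp dir (sample data
# made up for this example) and print its path. It mirrors the thread's
# situation: autofs has a script in init.d but no symlink, sshd is enabled in
# runlevel 3, one link points outside init.d, and rc5.d is group-writable.
build_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/init.d" "$t/rc3.d" "$t/rc5.d"
    printf '#!/bin/sh\necho sshd\n' > "$t/init.d/sshd"
    printf '#!/bin/sh\necho autofs\n' > "$t/init.d/autofs"
    ln -s ../init.d/sshd "$t/rc3.d/S50sshd"
    ln -s /opt/untrusted/start "$t/rc3.d/S99foreign"
    chmod 755 "$t/rc3.d"
    chmod 775 "$t/rc5.d"
    printf '%s\n' "$t"
}

# Stand-alone usage: report on the real tree (prints nothing if $RCD is absent).
echo "enabled at boot:";   enabled_scripts
echo "foreign links:";     foreign_links
echo "writable rc dirs:";  writable_rc_dirs
```

Run it as-is against a live /etc/rc.d, or set RCD to the path printed by build_sample_tree to see the three checks fire on the constructed tree: sshd shows up as enabled in runlevel 3, autofs does not appear at all (script present, no symlink, matching the observation in the thread), S99foreign is flagged, and rc5.d is reported as group-writable.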
