On Tue, May 17, 2011 at 11:57:52AM +0200, Richard Hartmann wrote:
> > Others in this thread have noted reasons why it's useful to keep a
> > separation (root security; backup policies). I see no overriding reason to
> > change the FHS in this regard.

> I still don't buy the security argument. There are hundreds of
> binaries root should not run. What makes games different? Are they
> inherently insecure or evil?

Yes, they are. Only games, as a class, use setgid bits to share high score
data between users. If games are run as root (even accidentally, perhaps via
wrong tab completion if the command is on the $PATH), any bug that permits
arbitrary writes to the high score data, combined with a buffer overflow when
reading the high score data, becomes a root escalation vulnerability.

There's no good reason to move such hazardous programs onto root's path.

> They were installed by root, after all. Else, they would not be in his
> $PATH.

They're *not* in root's path, and some of us want to keep it that way.
/usr/games is the symmetric complement to /usr/sbin: programs that are only
meant to be run by non-root, vs. programs that are only meant to be run by
root.

> _Or_ we would need to come up with a better system of classification
> and introduce a _lot_ more options.

Why? Who needs that? I sure don't.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
[email protected]                                     [email protected]
_______________________________________________
fhs-discuss mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/fhs-discuss
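
The separation argued for above can be checked mechanically. The following POSIX shell audit is an added example, not part of the original message: it flags any games directory in a given PATH string and lists the setgid files beneath it. The function names and the `--run` flag are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a PATH string (e.g. root's) for games directories
# and the setgid programs they would make reachable by name.

# Print every entry of the colon-separated PATH in $1 whose last
# component is "games" (/usr/games, /usr/local/games, ...).
games_dirs_in_path() {
    printf '%s\n' "$1" | tr ':' '\n' | grep -E '(^|/)games/?$' || true
}

# Print regular files under directory $1 that carry the setgid bit.
setgid_files() {
    [ -d "$1" ] || return 0
    find "$1" -type f -perm -2000 -print 2>/dev/null | sort
}

# Report findings for the PATH in $1.
# Returns 0 when no games directory is on it, 1 otherwise.
audit_path() {
    findings=$(games_dirs_in_path "$1" | while IFS= read -r d; do
        echo "games directory on PATH: $d"
        setgid_files "$d" | sed 's/^/  setgid program reachable: /'
    done)
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: run as the account being audited, e.g. in a root shell:
#   sh audit-games-path.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_path "$PATH"
fi
```

A non-zero exit status means the audited PATH includes a games directory, so it can be wired into a configuration check for root's login environment.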
