[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#57740: Security: Many files are kept a+w



Previously Sven LUTHER wrote:
> Ok, so where can i put example programs so that users can play with it quickly
> without having to copy them over to their place. Do we need a /home/examples
> or somethign such place, and symlink it from /usr/share/doc ?

Nowhere, users should always copy them. Making Yet Another Publically Writeable
place is just a Bad Idea, especially wents it's trivial for a user to do
a simple cp to /tmp

> I think i am not the only one who is having this kind of needs, imagine, i
> install this package here ta university, and 200 students copy the files over
> to their place, compile them and install them. Sure the files are quite small,
> but still.

Encouraing users to use testcompiles made by others since they are all
in that public writeable /usr/doc/examplpes directory is *much* worse.
It would be trivial for someone to slip in a trojan and cause major
havoc.

Wichert.

-- 
  _________________________________________________________________
 / Generally uninteresting signature - ignore at your convenience  \
| wichert@liacs.nl                    http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Attachment: pgpSCqUSYjvni.pgp
Description: PGP signature


Reply to: