Re: permissions in general (WAS: Re: permissions in /sbin)

To: debian-user@lists.debian.org
Subject: Re: permissions in general (WAS: Re: permissions in /sbin)
From: Joey Hess <joeyh@debian.org>
Date: Wed, 5 Dec 2007 13:36:51 -0500
Message-id: <[🔎] 20071205183651.GA23530@kitenet.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 5fa6c12e0712050957k3a47992g146ab0b2716a052c@mail.gmail.com>
References: <[🔎] 5fa6c12e0712050758i433bfc93if33db92fd4d2e284@mail.gmail.com> <[🔎] 200712050823.37993.mgb-debian@yosemite.net> <[🔎] 5fa6c12e0712050857r6401e81cu1c2543f2a634b8b3@mail.gmail.com> <[🔎] 20071205173820.GB17441@kitenet.net> <[🔎] 5fa6c12e0712050957k3a47992g146ab0b2716a052c@mail.gmail.com>

Martin Marcher wrote:
> /usr/bin/perl
> /usr/bin/wget
> /bin/tar

How about /bin/cat, which can be used to transfer copies of any of these
onto the system?

> * Why not take that one further and require explicit permission to run
> _any_ program?

Because then you have a web server with some CGIs. Which also has a
fairly dreadful security history in general.

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- permissions in general (WAS: Re: permissions in /sbin)
  - From: "Martin Marcher" <martin@marcher.name>
- Re: permissions in general (WAS: Re: permissions in /sbin)
  - From: Mike Bird <mgb-debian@yosemite.net>
- Re: permissions in general (WAS: Re: permissions in /sbin)
  - From: "Martin Marcher" <martin@marcher.name>
- Re: permissions in general (WAS: Re: permissions in /sbin)
  - From: Joey Hess <joeyh@debian.org>
- Re: permissions in general (WAS: Re: permissions in /sbin)
  - From: "Martin Marcher" <martin@marcher.name>

Prev by Date: Re: Test (and really annoyed)
Next by Date: Re: permissions in general
Previous by thread: Re: permissions in general (WAS: Re: permissions in /sbin)
Next by thread: Re: permissions in general
Index(es):
- Date
- Thread