
Re: file/directory name usage under /



Vincent Lefevre wrote:
> Consider some arbitrary name under /, say "/foo", which doesn't exist
> on your system and which is non-standard (not part of the FHS). It may
> belong to some Debian packages, but you don't intend to ever install
> such packages.

Okay.

> The question is: is such a name free for any use? e.g. create a
> directory and use it as a mount point for NFS.

Yes.  You are the local admin.  You can set that up if you like.  No
problem.  It is only a problem if there is a collision of name with
something that you would install.  Because we know what is in the
package archive.  But the maintainers creating the packages have no
idea what is on your machine.  So the maintainers are required to
stick to the FHS.  You knowing the FHS can avoid the conflicts there
and pick something unique and do something locally.

> Is it OK that anyone who has write access in this directory can
> become root on the machine?

That question is ambiguous.  Do you mean that someone who can write to
/foo can use that to become root?  They should not be able to become
root just because they can write to /foo.  That would be no different
than being able to write to /tmp.

Or do you mean that everyone on your machine that will have the
ability to write to /foo is also a superuser root admin on your
machine so there isn't any privilege escalation?  Doesn't matter
really.  Everyone can write /tmp for example.  Although the sticky
bit, the 't' bit, does impose a security strategy upon /tmp.

Bob
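
An added example, not part of the original message: one way to audit the situation discussed above, listing non-FHS directories directly under a root and classifying who may create or delete entries in them, including whether a world-writable one carries the sticky bit as /tmp does. The `FHS_TOP_LEVEL` set, the function names and the sample directory tree are assumptions made for this sketch.

```python
import os
import stat
import tempfile

# Assumption: top-level names from FHS 3.0, plus the Linux-specific /proc and /sys.
FHS_TOP_LEVEL = {"bin", "boot", "dev", "etc", "home", "lib", "media", "mnt", "opt",
                 "proc", "root", "run", "sbin", "srv", "sys", "tmp", "usr", "var"}

def classify_mode(mode):
    """Classify a directory's st_mode by who may create and delete entries in it."""
    if not stat.S_ISDIR(mode):
        return "not-a-directory"
    if mode & stat.S_IWOTH:
        # With the sticky bit, only an entry's owner, the directory's owner or
        # root may rename or delete that entry; without it, any writer may.
        return "world-writable+sticky" if mode & stat.S_ISVTX else "world-writable-no-sticky"
    if mode & stat.S_IWGRP:
        return "group-writable"
    return "owner-only"

def audit_top_level(root="/"):
    """Return {name: classification} for local (non-FHS) directories under root."""
    findings = {}
    for entry in os.scandir(root):
        # Names starting with "lib" are skipped to cover lib<qual> (lib32, lib64).
        if entry.name in FHS_TOP_LEVEL or entry.name.startswith("lib"):
            continue
        st = entry.stat(follow_symlinks=False)  # do not follow symlinks out of root
        if stat.S_ISDIR(st.st_mode):
            findings[entry.name] = classify_mode(st.st_mode)
    return findings

def demo():
    """Build a constructed sample tree and audit it instead of the real /."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("foo", 0o777), ("scratch", 0o1777),
                           ("nfs", 0o755), ("tmp", 0o1777)):
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod so the umask does not alter the mode
        return audit_top_level(root)

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"/{name}: {verdict}")
```

Calling `audit_top_level("/")` on a real machine reports the locally created names; a result of `world-writable-no-sticky` means any user can remove or replace other users' files in that directory.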
