Re: [PROPOSAL] (Ch.16 FHS) be more specific on file/dir permissions

To: tytso@mit.edu
Cc: lsb-spec@lists.linuxbase.org
Subject: Re: [PROPOSAL] (Ch.16 FHS) be more specific on file/dir permissions
From: Johannes Poehlmann <johannes@caldera.de>
Date: Fri, 12 Jan 2001 18:44:24 +0100
Message-id: <[🔎] 20010112184424.C14853@caldera.de>
In-reply-to: <[🔎] 200101082355.f08NtEo10077@snap.thunk.org>; from tytso@mit.edu on Mon, Jan 08, 2001 at 06:55:14PM -0500
References: <[🔎] 20010104134004.A28627@caldera.de> <[🔎] 200101082355.f08NtEo10077@snap.thunk.org>

Is it possible to misunderstand my proposal as 
"bossing around" Distributions ?

>        LSB says nothing about File Permissions.
 
>        o   This makes it possible to set up an LSB-conforming package 
> 	   and a LSB conforming Linux system where the application can 
> 	   not run on the linux system.
 
I fear that future LSB-compliant distributions could be bashed to dead 
if say LSB-compliant oracle can not run on them because of 
permission conflicts.

>        o   LSB-conforming systems should be allowed to use very restrictive
> 	   permission schemes, not to make security and LSB a contradiction.

If we do not spec permissions at all, we will have a de facto standard
which says: All major ISV packages have to run, so give them the permissions
they need. This will force LSB compliant distributions to grant a lot
of file/dir permissions. 

The proposal proper gives the Distro/Sysadmin the greatest possible 
freedom on the cost of ISVs: If we forbid ISVs to demand certain 
permissions the Distro/Admin has the FREEDOM to grant them or not.
 
> I'm not sure we want to go here.  Permissions generally are a system
> administrator issue much more than they are a distribution issue, and
> trying to word things so that we don't prohibit perfectly sane
> configurations might be very difficult.  For example, there are probably
> certain system users (like the one used by the imap daemon, or the one
> used by the anonymous FTP daemon) who might have very restrictive
> permissions schemes.  Is this allowed?  I would argue that an LSB
> statement which prohibited this type of security precaution is broken,
> and we shouldn't go there.
Ted, that is exactly the situation i want to prevent
 
> My suggest is that we not try to address this "problem".  If a
> distribution sets such a highly restrictve set of permissions, the
> system administrator can always "fix" the permissions very easily, and
> if someone did try to sell such a super-secure distribution as a
> desktop, market forces will probably solve the problem very quickly.
Is this good ? Do we want future bad press for Linux and the LSB like:
"Standard Linux is open to XYZ-attack" ?


-- 
     ______   ___        
    /  ___/__/  /                 Caldera (Deutschland) GmbH          
   /  /_/ _  / /__        Naegelsbachstr. 49c, 91052 Erlangen, Germany 
  /_____/_/ /____/            software developer / lsb project 
 ==== /____/ =====   Dipl. Inf. Johannes Poehlmann, mail: jhp@caldera.de
Caldera OpenLinux    phone: ++49 9131 7192 336, fax: ++49 9131 7192 399

Reply to:

References:
- [PROPOSAL] (Ch.16 FHS) be more specific on file/dir permissions
  - From: Johannes Poehlmann <johannes@caldera.de>
- Re: [PROPOSAL] (Ch.16 FHS) be more specific on file/dir permissions
  - From: tytso@mit.edu

Prev by Date: lpr subset standard wanted
Next by Date: Re: [PROPOSAL] (Ch.16 FHS) be more specific on file/dir permissions
Previous by thread: Re: [PROPOSAL] (Ch.16 FHS) be more specific on file/dir permissions
Next by thread: confcall followup: [PROPOSAL V2] (Ch.16 FHS) file/dir permissions
Index(es):
- Date
- Thread