usr writable - security issue?

dvw86
Posts: 636
Joined: Thu 05 May 2005, 00:55
Location: Washington State


#1 Post by dvw86 »

Just a quick question.
Now that usr is writable, does that create any new security issues?

BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#2 Post by BarryK »

Yes, a read-only /usr was a definite asset from that point of view.

Of course, anyone can build their own live-CD from Unleashed and disable the writable /usr, but then they can't install anything into /usr.

I was thinking about security when I was designing the version upgrade script, that throws everything out of /usr that doesn't seem to belong... but that's not really a solution to the potential problem.
Another possibility is a checksum of all the files that are officially allowed to be there.
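
The checksum idea raised in post #2, as an added example that is not part of the thread or Puppy's own code: a manifest of SHA-256 digests is recorded while the tree is known-good, and a later audit reports modified, missing and unexpected files. The function names and the temporary sample tree standing in for /usr are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of one file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map every regular file under root (relative path) to its digest."""
    root = Path(root)
    manifest = {}
    for p in root.rglob("*"):
        if p.is_symlink() or not p.is_file():
            continue  # symlinks and special files are out of scope here
        manifest[p.relative_to(root).as_posix()] = file_digest(p)
    return manifest

def audit(root, manifest):
    """Compare the tree at root with the manifest of allowed files."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }

def demo():
    """Constructed sample tree standing in for /usr (not real system files)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "sbin").mkdir()
        (root / "bin/tool").write_bytes(b"#!/bin/sh\necho ok\n")
        (root / "sbin/helper").write_bytes(b"v1\n")
        manifest = build_manifest(root)       # taken while the tree is known-good
        (root / "bin/tool").write_bytes(b"#!/bin/sh\necho changed\n")  # altered file
        (root / "bin/extra").write_bytes(b"x\n")   # file not on the allowed list
        (root / "sbin/helper").unlink()            # official file removed
        return audit(root, manifest)

if __name__ == "__main__":
    print(demo())
```

The manifest is only as trustworthy as where it is kept: if it sits on the same writable layer as the files it describes, whoever changes a file can change its recorded digest too.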

dvw86
Posts: 636
Joined: Thu 05 May 2005, 00:55
Location: Washington State

#3 Post by dvw86 »

So is the only reason that /usr is writable to make for easy/smooth upgrades? If that is the case, I kind of like the idea of checksums. I don't see any reasons that the end user would need to write to /usr.

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#4 Post by Pizzasgood »

That's like if Gates said, "I don't see any reason why they would need to edit the "Program Files" directory." Yeah, I could still install stuff somewhere else, but I'd rather use the /usr directory. It keeps things simpler. Besides, you're technically not editing /usr, you're editing /root/.usr. Anyways, back to editing. In addition to adding stuff, I like to be able to change what's already there. One of the reasons I like Linux is that I can customise it so much. I want to be able to go in and change the scripts in /usr if for some reason I needed to.

Basically, I don't like people telling me that I don't need to do something. It tends to make me mad. They don't know what I need. They're not me. If you ask me, they don't need to be telling me what I need. I know my needs better than anyone else.

Sorry if I got carried away, but I just get ticked off when people try to make decisions for me. No offense or anything. And that last part was directed towards the whole world, not you. I'm good now.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#5 Post by BarryK »

dvw86 wrote: So is the only reason that /usr is writable to make for easy/smooth upgrades? If that is the case, I kind of like the idea of checksums. I don't see any reasons that the end user would need to write to /usr.
No, it doesn't affect upgrades, but if /usr is not writable you can't download packages with PupGet.
