(old)Puppy Linux Discussion Forum

READ-ONLY Archive
https://oldforum.puppylinux.com/

usr writable - security issue?

https://oldforum.puppylinux.com/viewtopic.php?t=173

Page 1 of 1

usr writable - security issue?

Posted: Tue 17 May 2005, 02:40
by dvw86
Just a quick question.
Now that usr is writable, does that create any new security issues?

Posted: Tue 17 May 2005, 09:35
by BarryK
yes, a read-only /usr was a definite asset from that point of view.

Of course, anyone can build their own live-CD from Unleashed and disable the writable /usr, but then they can't install anything into /usr.

I was thinking about security when I was designing the version upgrade script, that throws everything out of /usr that doesn't seem to belong... but that's not really a solution to the potential problem.
Another possibility is a checksum of all the files that are officially allowed to be there.

Posted: Tue 17 May 2005, 17:21
by dvw86
So is the only reason that /usr is writable, is to make for easy/smooth upgrades? If that is the case, I kind of like the idea of checksums. I don't see any reasons that the end user would need to write to /usr.

Posted: Tue 17 May 2005, 20:53
by Pizzasgood
That's like if Gates said, "I don't see any reason why they would need to edit the "Program Files" directory. Yeah, I could still install stuff somewhere else, but I'd rather use the /usr directory. It keeps things simpler. Besides, you're techincally not editing /usr, you're editing /root/.usr. Anyways, back to edititing. In addition to adding stuff, I like to be able to change what's already there. One of the reasons I like Linux is that I can customise it so much. I want to be able to go in and change the scripts in /usr if for some reason I needed to.

Basically, I don't like people telling me that I don't need to do something. It tends to make me mad. They don't know what I need. They're not me. If you ask me, they don't need to be telling me what I need. I know my needs better than anyone else.

Sorry if I got carried away, but I just get ticked off when people try to make decisions for me. No offense or anything. And that last part was directed towards the whole world, not you. I'm good now.

Posted: Wed 18 May 2005, 01:28
by BarryK
dvw86 wrote:So is the only reason that /usr is writable, is to make for easy/smooth upgrades? If that is the case, I kind of like the idea of checksums. I don't see any reasons that the end user would need to write to /usr.
No, it doesn't affect upgrades, but if /usr not writable you can't download packages with PupGet.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited