[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GNUstep filesystem layout change
|
From: |
Nicola Pero |
|
Subject: |
Re: GNUstep filesystem layout change |
|
Date: |
Thu, 24 Apr 2003 08:45:31 +0100 (BST) |
> I'd like to commit some patches that implement the formerly discussed
> GNUstep filesystem as described in:
>
> http://www.gnustep.org/experience/documentation.html
>
> under 'Filesystem Specs'.
Adam, this document still says that normal users can install in the Local
domain. This is wrong and anyone making his Local domain writable by all
users is making his multi-user Unix system largely unsecure, because then
anyone can install a tool in the Local domain, and tools installed in the
Local domain will automatically be in the path of everyone (including
root), and *before* tools in the System domain. So any user could just
drop a malicious/modified openapp tool in the Local domain, and next time
root types 'openapp GNUMail', he would actually be executing that
malicious/modified openapp tool as root. I can't think of an easier
exploit to take over a machine.
The Local domain is the equivalent of /usr/local - it should be owned by
root and writable by root only. It contains software specific/custom for
that machine (as opposed to software installed with the distribution), but
still installed and managed by the machine *administrator*.
User specific software should be installed in the User domain (the
document makes no mention of this). Installing in the User domain also
allows different users to install different copies/versions of the same
software, and each one will only see/use his own copy/version - which
looks cool.
Another issue is that Network/Servers and Network/Users make no sense /
have no relevance to the document and should be removed.