On 12.6.2018 20:15, Reindl Harald wrote:
>> This is more like a security by obscurity approach. This "another layer"
>> is just one step. It's like putting duct tape over a keyhole and calling
>> it extra security.
>
> bullshit

Thanks for the tone, it is very helpful.


> when the exploit is naively written it just tries to put a binary in the
> directory and on a well-configured system you don't put ANYTHING in front
> of PATH
>
> man chattr
>
> [root@srv-rhsoft:~]$ touch /home/harry/.bashrc
> touch: setting times of '/home/harry/.bashrc': Operation not permitted

Excellent. So the file is immutable. Since you were clever enough to make it so, you probably care enough to change the line that prepends the PATH in there. Or is that too complicated?

We are changing the default and we are saying that it will not lower the security. If users want to take steps to increase security, that's good. And we are not blocking them by this change.


> but luckily Fedora was too long too stupid to get rid of /bin and /sbin
> after UsrMove so that I don't care about any defaults any longer

Funny how you don't care yet you keep sending the e-mails.

--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/M32M74CLD6IIHR46XYCDKBJVRSL7GZP6/
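
The disagreement in this message is about what ends up in front of the system directories in PATH. The following is an added example, not part of the thread or of any Fedora tooling: a POSIX shell audit that lists the entries searched before the system directories and the executables there that shadow a later command. The function names and the `SYSTEM_DIRS` list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (constructed): report PATH entries searched before the
# system directories and the executables there that shadow a later command.

# Assumption: a typical layout; override SYSTEM_DIRS to match the host.
SYSTEM_DIRS=${SYSTEM_DIRS:-"/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin"}

is_system_dir() {
    for sys in $SYSTEM_DIRS; do
        if [ "$1" = "$sys" ]; then return 0; fi
    done
    return 1
}

# front_entries PATH_STRING
# Prints every entry that precedes the first system directory.
# An empty entry means "current directory" and is printed as ".".
front_entries() {
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        if [ -z "$entry" ]; then entry=.; fi
        if is_system_dir "$entry"; then return 0; fi
        printf '%s\n' "$entry"
    done
    return 0
}

# shadowed PATH_STRING
# Prints "front/name shadows later/name" for each executable in a front
# entry that also exists in a directory searched after it.
shadowed() {
    front_entries "$1" | while IFS= read -r dir; do
        for f in "$dir"/*; do
            if [ ! -f "$f" ] || [ ! -x "$f" ]; then continue; fi
            name=${f##*/}
            passed=0
            old_ifs=$IFS; IFS=:
            for later in $1; do
                if [ "$later" = "$dir" ]; then passed=1; continue; fi
                if [ "$passed" = 1 ] && [ -f "$later/$name" ] && [ -x "$later/$name" ]; then
                    printf '%s shadows %s\n' "$f" "$later/$name"
                fi
            done
            IFS=$old_ifs
        done
    done
    return 0
}

shadowed "$PATH"   # audit the PATH of the current shell
```

No output means nothing in a front entry currently shadows a later command; it does not mean the front entries themselves are unwritable.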