| 1 |
On 22 February 2015 at 18:06, Gordon Pettey <petteyg359@×××××.com> wrote: |
| 2 |
|
| 3 |
> |
| 4 |
> Protect the permissions on the files, not the editors - there's always |
| 5 |
> another way to get content into a file if you have write permission to it. |
| 6 |
> If you try to do that with a g+xo-x, then you're going to have to do the |
| 7 |
> same for every single command that can put output in a file (sed, curl, |
| 8 |
> wget, heck, anything that can be piped, every shell), and then your system |
| 9 |
> doesn't even need users anymore, because no user can do anything at all for |
| 10 |
> fear they might write to a file! |
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
Indeed, which is why I think Ulrich may have been joking =). |
| 15 |
|
| 16 |
Though conceptually its a useful question, because gentoo are not going to |
| 17 |
anticipate all the security strictures a user is likely to want. |
| 18 |
|
| 19 |
For instance, perhaps a sysadmin simply wants to lock up GCC and make, |
| 20 |
having a straight forward way do to that in bashrc would help them achieve |
| 21 |
that, without them having to dish out a full ACL/LDAP setup, and without |
| 22 |
then needing to retouch the perms manually every install. |
| 23 |
|
| 24 |
And that would be preferable IMO than a system wide proliferation of USE |
| 25 |
flags to regulate such a thing. |
| 26 |
|
| 27 |
|
| 28 |
-- |
| 29 |
Kent |
| 30 |
|
| 31 |
*KENTNL* - https://metacpan.org/author/KENTNL |
Archives