| 1 |
On Friday, April 8, 2016 5:14:42 PM CEST, M. J. Everitt wrote: |
| 2 |
> On 08/04/16 16:02, Rich Freeman wrote: |
| 3 |
>> The only mandatory component in a linux system, by definition, is the |
| 4 |
>> Linux kernel. |
| 5 |
>> |
| 6 |
>> A linux system could consist of nothing but a kernel with |
| 7 |
>> init=/usr/local/bin/hello-world. |
| 8 |
>> |
| 9 |
>> Most traditional linux distros are going to run policykit though. Of ... |
| 10 |
> Being serious though, and playing Devil's Advocate of course, assuming |
| 11 |
> you have no use for a desktop manager, etc, hence no need for dbus or |
| 12 |
> it's 'friends' and policykit or it's pals, and you're not a "systemd |
| 13 |
> fan" etc .. how are we granting the correct permissions for binaries .. |
| 14 |
> just relying now on the owner and execute bits being set perfectly for |
| 15 |
> each binary, assuming everything is arbitrarily moved to /xbin ... |
| 16 |
|
| 17 |
owner and x bit is not a security measure at all: if you need +x, you just |
| 18 |
compile your own in ~ that you'll own. what is a security measure is kernel |
| 19 |
refusing to give you access to ressources so that your binary does what it |
| 20 |
is supposed to (either standard kernel or more complex things like grsec) |
Archives