On Friday, April 8, 2016 5:14:42 PM CEST, M. J. Everitt wrote:
> On 08/04/16 16:02, Rich Freeman wrote:
>> The only mandatory component in a linux system, by definition, is the
>> Linux kernel.
>>
>> A linux system could consist of nothing but a kernel with
>> init=/usr/local/bin/hello-world.
>>
>> Most traditional linux distros are going to run policykit though. Of ...
> Being serious though, and playing Devil's Advocate of course, assuming
> you have no use for a desktop manager, etc, hence no need for dbus or
> its 'friends' and policykit or its pals, and you're not a "systemd
> fan" etc .. how are we granting the correct permissions for binaries ..
> just relying now on the owner and execute bits being set perfectly for
> each binary, assuming everything is arbitrarily moved to /xbin ...

Owner and x bit is not a security measure at all: if you need +x, you just
compile your own in ~ that you'll own. What is a security measure is the kernel
refusing to give you access to resources so that your binary does what it
is supposed to (either standard kernel or more complex things like grsec)