On Fri, 31.10.14 10:04, Andrew Lutomirski (l...@mit.edu) wrote: > I filed an FPC ticket: https://fedorahosted.org/fpc/ticket/467 > > Thoughts?
I very much agree with this, but I'd really prefer if we'd list what is allowed rather than just declare what is forbidden. A short list like this should be everything we should allow in /usr: a) symlinks b) directories with access mode 0555 c) files with access mode 0444 (optionally 0644 if owned by root user) d) files with access mode 0555 (optionally 0755 if owned by root user) e) files with access mode 2555 (optionally 2755 if owned by root user) f) files with access mode 4555 Or something like that. That said, there appears to be some form of cargo-cult programming around, for example the audit packages carries a lot of non-sensical access modes, for security theatre reasons. Good luck with getting that package fixed! Lennart -- Lennart Poettering, Red Hat -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
