Claudio Freire wrote:
> On Mon, Mar 31, 2014 at 6:35 PM, Linda Walsh wrote:
>> No, it wasn't.
>> The first and main issue was (from https://lwn.net/Articles/482544/):
>> "On systems that have user-writable directories on the same partition as system files, a long-standing class of security issues is the hardlink-based time-of-check-time-of-use race, most commonly seen in world-writable directories like /tmp."
>
> Yes, the problem here is that all systems (except those partitioned excessively and paranoically, as in one partition per user) have user-writeable system partitions.

You don't need separate / user, you need users separate from system. You may also need to disallow creating world-writeable files in world-writeable directories like tmp.

> /tmp is a good example that didn't change;

--- There have been multiple proposals for users to use ~/.tmp as on Windows, or to use fs-namespace separation to achieve the same. However, a file owned by root in /tmp wouldn't be linkable except to another file in /tmp owned by root... what does that buy you?

Current setup (it's changed over the years):
  /           1 partition
  /usr        1 partition
  /usr/share  1 partition (mostly due to overflowing /usr)
  /var        1 partition
  /tmp        1 partition, though later sharing space on /var
  /home       separate
  /var/cache  separate partition
  /var/spool  was separate at one point but is part of /var now.

---- Different daemons ran as different user & group so as not to have access to other daemons' files, automatically (another change, BTW, that I pushed for via multiple bug reports).

> (you've got many daemons that can write there and thus, if you manage to compromise them, compromise the whole system in turn).

Not if they are each in their own userspace.

> I could probably find other examples - thing is, this protection was necessary before, and still is.

--- Not by any of the reasons you gave above.

> Also... I didn't see in the OP any proposal to improve the current state.

---- See the above.