Re: [PATCH] Add a /proc/self/exedir link

Mike Hearn <[email protected]> writes:

> In practice most desktop apps use "prefix paths" to locate their own data
> files. They don't usually send those file paths to other processes, not even in
> the case of things like GIMP plugins.

Programs that ssh to another machine and run commands are likely
to send paths.

>> IMO it's still best to just symlink the program directory to the correct place
>> and make the programs search in e.g. ~/opt/ and /opt/.
>
> That also suffers from namespace conflicts ;)


I looked at your original proposal some more and it fails
miserably for shell scripts.  Basically they all get / as
their prefix, no matter where in the filesystem you put them.

Also there is a very serious problem with suid executables.
If a non-privileged user has write access to the same filesystem
the executables live on they can create a hard link to those
files and change the prefix.  Quite possibly getting the suid
executables to trust a new set of executables.

So this scheme appears to have many if not all of the same security issues
as private namespaces.

Given that mostly it will be junior programmers packaging applications
behind the backs of the authors of the code that will implement this
scheme we could introduce all kinds of problems that no one will
notice for quite a while.

Eric