put all applications in a single folder?

Discussion in 'all things UNIX' started by lurningcerv, Jun 4, 2014.

Thread Status:
Not open for further replies.
  1. lurningcerv

    lurningcerv Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    87
    Ubuntu 12.04 LTS

    From what I have read here, it seems to me to be a good idea to only allow execution from a single folder or maybe just a couple folders, and then restrict write access to those folders? Is that correct, or is there some reason I shouldn't do that? I'm assuming the folder would be usr/bin . . . right?
     
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Linux already does this. :)

    Most applications go in /usr/bin, shared libraries go under /usr/lib, various resources in /usr/share. Those folders are owner root, group root, rwxr-xr-x, i.e. anyone can read or execute from them but only root can write. Since you're running as a limited user, a rogue application can't write to itself or another application to obtain persistence, unless some kind of privilege escalation exploit is involved.

    From a malware persistence standpoint, Linux is actually pretty good.

    (Until you start running servers and having people inject code into your webapps and exploit their way to root... But that's another matter. Between design and 50x smaller user base, desktop Linux is fairly secure in practice.)
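
The ownership and mode described in the post above (owner root, rwxr-xr-x) can be checked directly. The script below is an added example, not part of the original thread; it assumes GNU coreutils `stat` as shipped on Ubuntu, and the function names `audit_dir` and `audit_dirs` are hypothetical.

```shell
#!/bin/sh
# Added example: verify that application directories are owned by the
# expected user and are not writable by group or others.
# Assumes GNU coreutils stat (-c format strings).

# audit_dir DIR [OWNER]
# Returns 0 only if DIR exists, is owned by OWNER (default root) and
# has neither the group-write nor the other-write bit set.
audit_dir() {
    dir=$1
    want_owner=${2:-root}
    if [ ! -d "$dir" ]; then
        echo "FAIL  $dir is missing or not a directory"
        return 1
    fi
    # -L follows symlinks, e.g. /bin -> /usr/bin on newer releases
    owner=$(stat -L -c '%U' "$dir") || return 1
    mode=$(stat -L -c '%a' "$dir") || return 1
    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL  $dir owner is $owner, expected $want_owner"
        rc=1
    fi
    # 022 (octal) masks the group-write and other-write bits
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL  $dir mode $mode is group- or world-writable"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK    $dir $owner $mode"
    return "$rc"
}

# audit_dirs OWNER DIR...
# Checks every directory; the return status is the number of failures.
audit_dirs() {
    want=$1; shift
    failures=0
    for d in "$@"; do
        if ! audit_dir "$d" "$want"; then
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# The three locations named in the post, checked against root
audit_dirs root /usr/bin /usr/lib /usr/share ||
    echo "$? location(s) need attention"
```

This checks only the top-level directories; a file or subdirectory beneath them with looser permissions would need a recursive check such as `find`.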
     
  3. lurningcerv

    lurningcerv Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    87
    I have an application in my laptop that installed itself in usr/share/.
     