LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   location of programs and security (https://www.linuxquestions.org/questions/linux-security-4/location-of-programs-and-security-511020/)

count_D 12-16-2006 06:24 AM
location of programs and security
 
Hello

I just wanted to know if the location of programs does in any way affect the security of my system. Does it make sense to put network related stuff in my homedirectory or is this unnecessary paranoia?

live_dont_exist 12-16-2006 06:57 AM
Why would you want to put network related stuff in your home directory? BTW what do you mean by network related stuff??

Cheers
Arvind

count_D 12-16-2006 07:04 AM
Things like tor and privoxy. Filesharing programs. Please keep in mind that i'm just a user without a programming background. I just want to know if it makes any difference if i run these programs from my homedirectory and what this diffrence would be.

live_dont_exist 12-17-2006 12:23 AM
No there's no difference wherever you run it from , except that you should be installing software(any software..not just network related) in /opt or any other partition.

Home directory is fine...but it causes confusion incase you run into trouble or need to reorganize. You'd want to have all your software in 1 place so its easy to find.

If you dont have permission to write into /opt then I guess you'll want to create a /home/count_D/software directory and install stuff into that.

Cheers
Arvind

count_D 12-17-2006 07:37 AM
Thanks for the answer.

unSpawn 12-17-2006 07:57 AM
I just wanted to know if the location of programs does in any way affect the security of my system. Does it make sense to put network related stuff in my homedirectory or is this unnecessary paranoia?

Here's my take on it. If a system service (a "daemon" or serving application) is run it becomes a process. The process is started from the root account user and then run under a specific user. The root account allows for instance the process to be bound to a port below 1024, and the transfer to the user account ("drop rights") gives the process limited rights (as in access to system resources). While daemons start out as a root-owned process, they should not continue running as root-owned process. This goes for TOR, Privoxy, SSH, Apache, and all the other daemons. Make sure the service is not configured with insecure settings and network (public) access is restricted using your firewall and the configuration options. To limit rights further the process can be run under SELinux, RBAC or within a "jail" or "chroot".

If you run an application from your own user account it also becomes a process, but since the process is started by your user the process already has limited rights (OK, except setuid stuff, nevermind here). This is the way your run apps from your console or "desktop" like pine, OpenOffice.org and all the other user applications. Network access can be restricted by the systems firewall. Process rights can be limited further if the system runs SELinux or RBAC.

So, in short: the location is not the most important (except for managability and FSSTND or FHS compliance), but how it is configured to run and who runs it. Running a system service (TOR, Privoxy) from your own user account is not necessary if the system is properly configured, and running user applications from the root user account should not happen (at all unless configuring things requires so).

introuble 12-17-2006 08:59 AM
Quote:
I just wanted to know if the location of programs does in any way affect the security of my system
Well.. yes.. if their location is read-only media :) (Like a CD, or whatever.)


All times are GMT -5. The time now is 09:05 AM.