public inbox for systemtap@sourceware.org
* Re: W: executable-is-not-world-readable usr/bin/staprun 4750
From: Frank Ch. Eigler @ 2011-08-11 14:41 UTC (permalink / raw)
  To: Timo Juhani Lindfors; +Cc: rrs, systemtap

Hi, Timo -

On Thu, Aug 11, 2011 at 05:35:34PM +0300, Timo Juhani Lindfors wrote:
> [...]
> the lintian tool in debian reports
> W: executable-is-not-world-readable usr/bin/staprun 4750
> [...]
> http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2
> 
> Since you wrote that patch, can you comment a bit on it? Would restoring
> read (not execute!) permissions still be acceptable?

I can't think of any harm to making the permissions 4754.  FWIW, in
Fedora, we have lots of setuid executables with only rwx--x--x type
permissions.


> As the lintian rationale
> "
>     All executables should be readable by any user. Since anyone can
>     download the Debian package and obtain a copy of the executable, no
>     security is gained by making the executable unreadable [...]
> [...]
> -- http://lintian.debian.org/tags/executable-is-not-world-readable.html
> says this should really not cause security problems.

I believe it.  Unless someone makes an argument against it, I'd be
OK with changing the systemtap.spec/Makefile settings likewise.

- FChE
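
As an added example, not part of the message above and not lintian's own implementation: a shell version of the check behind the warning discussed in the thread, run over a constructed package tree. The helper names and the file names other than usr/bin/staprun are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): flag executables in a staged package
# tree that are not world-readable, in the shape of the lintian warning.

# lacks_world_read MODE -> exit 0 if the octal MODE has an execute bit set
# but no o+r bit (4750, 4711); exit 1 otherwise (4754, 0755, 0644).
lacks_world_read() {
    m=$((0$1))                      # leading 0 forces octal interpretation
    [ $((m & 0111)) -ne 0 ] && [ $((m & 0004)) -eq 0 ]
}

# audit_tree ROOT -> one warning line per offending regular file under ROOT.
audit_tree() {
    root=$1
    find "$root" -type f | sort | while IFS= read -r f; do
        mode=$(stat -c '%a' "$f")   # GNU stat: octal mode, setuid bit included
        rel=${f#"$root"/}           # path relative to the package root
        if lacks_world_read "$mode"; then
            printf 'W: executable-is-not-world-readable %s %04o\n' \
                "$rel" "0$mode"
        fi
    done
}

# Constructed sample: a fake package root holding the three modes mentioned
# in the thread (4750 as shipped, 4754 as proposed, rwx--x--x as in Fedora).
make_sample_tree() {
    mkdir -p "$1/usr/bin"
    for spec in staprun:4750 readable:4754 fedora-style:4711; do
        : > "$1/usr/bin/${spec%%:*}"
        chmod "${spec##*:}" "$1/usr/bin/${spec%%:*}"
    done
}

tmp=$(mktemp -d) && make_sample_tree "$tmp" && audit_tree "$tmp"
rm -rf "$tmp"
```

Only the 4750 and 4711 files are reported; the 4754 file passes because the check looks at the o+r bit alone and ignores setuid.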
