* Re: W: executable-is-not-world-readable usr/bin/staprun 4750
[not found] ` <84zkjguibt.fsf_-_@sauna.l.org>
@ 2011-08-11 14:41 ` Frank Ch. Eigler
0 siblings, 0 replies; only message in thread
From: Frank Ch. Eigler @ 2011-08-11 14:41 UTC (permalink / raw)
To: Timo Juhani Lindfors; +Cc: rrs, systemtap
Hi, Timo -
On Thu, Aug 11, 2011 at 05:35:34PM +0300, Timo Juhani Lindfors wrote:
> [...]
> the lintian tool in debian reports
> W: executable-is-not-world-readable usr/bin/staprun 4750
> [...]
> http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2
>
> Since you wrote that patch, can you comment a bit on it? Would restoring
> read (not execute!) permissions still be acceptable?
I can't think of any harm to making the permissions 4754. FWIW, in
Fedora, we have lots of setuid executables with only rwx--x--x type
permissions.
> As the lintian rationale
> "
> All executables should be readable by any user. Since anyone can
> download the Debian package and obtain a copy of the executable, no
> security is gained by making the executable unreadable [...]
> [...]
> -- http://lintian.debian.org/tags/executable-is-not-world-readable.html
> says this should really not cause security problems.
I believe it. Unless someone makes an argument against it, I'd be
OK with changing the systemtap.spec/Makefile settings likewise.
- FChE
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2011-08-11 14:41 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <84d3gcvykh.fsf@sauna.l.org>
[not found] ` <20110811141934.GF23086@redhat.com>
[not found] ` <84zkjguibt.fsf_-_@sauna.l.org>
2011-08-11 14:41 ` W: executable-is-not-world-readable usr/bin/staprun 4750 Frank Ch. Eigler
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).