[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#3063: sudo executable not readable?

Rob Leslie writes: (referring to sudo and visudo)
> > Is there a compelling reason not to give these files mode 4755 and 755
> > (respectively) as the packaging guidelines suggest?

On Mon, 20 May 1996, Michael Meskes wrote:
> Thinking about it one more time I wonder why the program should have mode
> 4755, except that this is what the packaging guidelines suggest. Personally
> I'd like to have noone read it (call me paranoid :-)). Any opinions?

What's the point?  Both the binaries _and_source_ are freely available
from any archive of our distribution. 

I've found it useful to have binaries installed 755 when I'm using a
computer that has network access, and it doesn't have a working copy of a
program I want to use.  For an example, this happens particularly on PC's
in my college's shared computer room.  They run a very minimal Linux
system. If, say, the ping binary was missing, all I have to do is FTP to
my Linux box and get /bin/ping.

More generally, it's often handy to have a complete Linux system handy as
an archive of software, to users other than root.  I can see no real
significant security gain from making the binaries unreadable.  If there
is a reason for doing this you think I'm missing, please point it out. 



Michael Nonweiler <mrn20@cam.ac.uk>
Trinity College, Cambridge, England.

Reply to: