Re: Bug#3063: sudo executable not readable?
Rob Leslie writes: (referring to sudo and visudo)
> > Is there a compelling reason not to give these files mode 4755 and 755
> > (respectively) as the packaging guidelines suggest?
On Mon, 20 May 1996, Michael Meskes wrote:
> Thinking about it one more time I wonder why the program should have mode
> 4755, except that this is what the packaging guidelines suggest. Personally
> I'd like to have noone read it (call me paranoid :-)). Any opinions?
What's the point? Both the binaries _and_source_ are freely available
from any archive of our distribution.
I've found it useful to have binaries installed 755 when I'm using a
computer that has network access, and it doesn't have a working copy of a
program I want to use. For an example, this happens particularly on PC's
in my college's shared computer room. They run a very minimal Linux
system. If, say, the ping binary was missing, all I have to do is FTP to
my Linux box and get /bin/ping.
More generally, it's often handy to have a complete Linux system handy as
an archive of software, to users other than root. I can see no real
significant security gain from making the binaries unreadable. If there
is a reason for doing this you think I'm missing, please point it out.
Thanks,
Michael.
--
Michael Nonweiler <mrn20@cam.ac.uk>
Trinity College, Cambridge, England.
Reply to: