[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Audio Apps Mini-Policy, v0.1

On Tue, Oct 28, 2003 at 02:11:47PM +0100, Andreas Metzler wrote:

> >   Why read only for other?  Given that they can't execute what is
> >  presumably a compiled binary I'd treat them as untrusted and not allow
> >  them to read it at all.
> Why? Quoting policy because I can't reason better: "They should not be made
> unreadable [...]; doing so achieves no extra security, because anyone can find
> the binary in the freely available Debian package; it is merely inconvenient.
> For the same reason you should not restrict read or execute permissions on
> non-set-id executables."

  Ahhh a section I had read and then blissfully forgotten.  I guess I
 agree with the assessment there.

> If you decide to allow selecting permissions with debconf at
> install-time via debconf you have to take care of dpkg-statoverride
> one way or the other:

# Debian Security Audit Project

Reply to: