
Bug#573015: libutempter0: /usr/lib/utempter/utempter should be world readable
Package: libutempter0
Version: 1.1.5-2
Severity: normal

Hello,

The wrapper utempter is not world readable:
> % ls -al /usr/lib/utempter/utempter 
> -rwx--s--x. 1 root utmp 4940 2009-08-29 13:03 /usr/lib/utempter/utempter

According to Debian policy, executables should be world-readable[1]:
> Setuid and setgid executables should be mode 4755 or 2755 respectively,
> and owned by the appropriate user or group. They should not be made
> unreadable (modes like 4711 or 2711 or even 4111); doing so achieves
> no extra security, because anyone can find the binary in the freely
> available Debian package; it is merely inconvenient.

In my case, I wanted to run debsums (as non-root), but it failed with:
> debsums: can't open libutempter0 file /usr/lib/utempter/utempter
> (Permission denied)

The patch is trivial:
==================
--- rules.orig	2010-03-08 10:46:48.000000000 +0100
+++ rules	2010-03-08 10:46:51.000000000 +0100
@@ -5,7 +5,7 @@
 
 override_dh_fixperms:
 	dh_fixperms
-	chmod 2711 debian/libutempter0/usr/lib/utempter/utempter
+	chmod 2755 debian/libutempter0/usr/lib/utempter/utempter
 	chown root:utmp debian/libutempter0/usr/lib/utempter/utempter
 
 .PHONY: override_dh_auto_test
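Review bot: the `chmod 2755` runs before `chown root:utmp`, and on Linux a chown(2) that actually changes a file's owner or group clears its setuid and setgid bits, so the conventional order is chown first, then chmod. The rules file only works as written because the target runs under fakeroot, whose emulated chown never touches the inode; swapping the two lines removes that dependency. The new mode itself is the 2755 the quoted policy section requires for setgid executables.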
==================

Franklin

[1] http://www.debian.org/doc/debian-policy/ch-files.html#s10.9

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (101, 'unstable'), (10, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.33-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libutempter0 depends on:
ii  adduser                       3.112      add and remove users and groups
ii  libc6                         2.10.2-6   Embedded GNU C Library: Shared lib

libutempter0 recommends no packages.

libutempter0 suggests no packages.

-- no debconf information
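An added example, not part of the bug report: a small POSIX sh audit that lists setuid/setgid executables whose mode withholds read permission from group or others, the 2711-style mode this report objects to and the reason an unprivileged debsums run fails. It assumes GNU find and GNU stat (`stat -c %a`).

```shell
#!/bin/sh
# Audit setuid/setgid executables that are not world readable.
# Debian Policy 10.9 wants 4755/2755; modes like 4711/2711/4111 give no
# extra protection and break unprivileged integrity checks (debsums).

# unreadable_privileged MODE
#   MODE is an octal mode string as printed by `stat -c %a` (e.g. 2711).
#   Returns 0 when setuid or setgid is set but group or other lacks read.
unreadable_privileged() {
    mode=$(( 0$1 ))                  # leading 0 makes the shell parse octal
    special=$(( (mode >> 9) & 7 ))   # setuid=4, setgid=2, sticky=1
    group=$(( (mode >> 3) & 7 ))
    other=$(( mode & 7 ))
    [ $(( special & 6 )) -ne 0 ] &&
        { [ $(( group & 4 )) -eq 0 ] || [ $(( other & 4 )) -eq 0 ]; }
}

# audit_dir DIR
#   Prints "MODE PATH" for every regular file under DIR (same filesystem)
#   that carries setuid or setgid and fails unreadable_privileged.
audit_dir() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        m=$(stat -c '%a' "$f") || continue
        if unreadable_privileged "$m"; then
            printf '%s %s\n' "$m" "$f"
        fi
    done
}

# Stand-alone usage: audit the directory given on the command line, or /usr.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ] && [ "${0##*/}" != "dash" ]; then
    audit_dir "${1:-/usr}"
fi
```

Run it as an unprivileged user; every line it prints is a binary that debsums (or any other non-root verifier) cannot read, and the expected fix is the 2755/4755 mode the policy quotes.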