> How about group access privileges on the offending executables? > > Seems to me to be the natural method of restricting access to stuff. > That is no good unless you restricket adding new binaries, or building from source. Gustavo -- To UNSUBSCRIBE, email to debian-security-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org