RFC: Remove write permissions from executables
Chris Adams
cmadams at hiwaay.net
Fri Jan 22 14:06:44 UTC 2010
Once upon a time, Miloslav TrmaÄ? <mitr at volny.cz> said:
> We can extend the protection to all executables by a simple addition to
> redhat-rpm-config (https://bugzilla.redhat.com/show_bug.cgi?id=556897 ).
> After applying this patch, executable files in all rebuilt packages
> would not be writeable, most often using mode 0555.
Please don't take away read permission without good reason. I have on
many occasion grepped for strings in binaries (who touches a particular
config file for example).
There is no reason to remove world-read permission on something anybody
can download from their favorite mirror.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the devel
mailing list