RFC: Remove write permissions from executables

Till Maas opensource at till.name
Mon Jan 25 17:58:27 UTC 2010

On Fri, Jan 22, 2010 at 12:19:49PM +0100, Miloslav Trmač wrote:

> We can extend the protection to all executables by a simple addition to
> redhat-rpm-config (https://bugzilla.redhat.com/show_bug.cgi?id=556897 ).
> After applying this patch, executable files in all rebuilt packages
> would not be writeable, most often using mode 0555.

> What do you think?

Is there a tracker about what else needs to be done to finish this up?
E.g. non-executable interpreted libraries will then still be writable:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20100125/1fb50424/attachment.bin 

More information about the devel mailing list