RFC: Remove write permissions from executables
Till Maas
opensource at till.name
Mon Jan 25 17:58:27 UTC 2010
On Fri, Jan 22, 2010 at 12:19:49PM +0100, Miloslav Trmač wrote:
> We can extend the protection to all executables by a simple addition to
> redhat-rpm-config (https://bugzilla.redhat.com/show_bug.cgi?id=556897 ).
> After applying this patch, executable files in all rebuilt packages
> would not be writeable, most often using mode 0555.
> What do you think?
Is there a tracker about what else needs to be done to finish this up?
E.g. non-executable interpreted libraries will then still be writable:
/usr/lib/python2.6/site-packages/yum
Regards
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20100125/1fb50424/attachment.bin
More information about the devel
mailing list