On Tue, Oct 28, 2003 at 02:11:47PM +0100, Andreas Metzler wrote:
> > Why read only for other? Given that they can't execute what is
> > presumably a compiled binary I'd treat them as untrusted and not allow
> > them to read it at all.
>
> Why? Quoting policy because I can't reason better: "They should not be made
> unreadable [...]; doing so achieves no extra security, because anyone can find
> the binary in the freely available Debian package; it is merely inconvenient.
> For the same reason you should not restrict read or execute permissions on
> non-set-id executables."
Ahhh a section I had read and then blissfully forgotten. I guess I agree
with the assessment there.

> If you decide to allow selecting permissions with debconf at
> install-time via debconf you have to take care of dpkg-statoverride
> one way or the other:

Agreed.

Steve
--
# Debian Security Audit Project
http://www.steve.org.uk/Debian/
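The point Steve agrees with above, that a debconf-chosen permission must coexist with dpkg-statoverride, is easiest to see in a maintainer-script fragment. The following is an added example written for this page, not code from either poster or from any Debian package: it checks whether the administrator has already registered an override for the binary (in which case the package leaves the file alone, since dpkg re-applies the override on every unpack) and otherwise records the debconf answer with `dpkg-statoverride --update --add`, so the chosen mode survives later upgrades instead of being reset to the package default. The path `/usr/bin/examplebin`, the debconf question `examplepkg/mode` and the `STATOVERRIDE` variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): apply a debconf-selected owner, group
# and mode to a binary without stepping on an admin's dpkg-statoverride entry.
# Assumed placeholders: /usr/bin/examplebin and the question examplepkg/mode.

# The command name is a variable only so the logic can be exercised on a
# machine without dpkg; in a real postinst it is simply dpkg-statoverride.
STATOVERRIDE="${STATOVERRIDE:-dpkg-statoverride}"

# set_perms OWNER GROUP MODE PATH
# Returns 1 (and changes nothing) when the admin already registered an
# override for PATH; otherwise registers OWNER:GROUP MODE with --update --add,
# which both stores the entry in dpkg's database and applies it at once.
set_perms() {
    owner="$1" group="$2" mode="$3" path="$4"
    if "$STATOVERRIDE" --list "$path" >/dev/null 2>&1; then
        echo "$path: admin override present, leaving permissions alone" >&2
        return 1
    fi
    "$STATOVERRIDE" --update --add "$owner" "$group" "$mode" "$path"
}

# Typical use from postinst "configure": read the debconf answer and apply it.
# Guarded so the file also runs outside a maintainer-script context.
if [ "$1" = configure ] && [ -r /usr/share/debconf/confmodule ]; then
    . /usr/share/debconf/confmodule
    db_get examplepkg/mode || true
    set_perms root root "${RET:-0755}" /usr/bin/examplebin || true
fi
```

The `--list` check before `--add` matters for two reasons: `dpkg-statoverride --add` refuses to add a path that already has an entry, and, more importantly, silently re-adding would overwrite a deliberate local decision, which is exactly the behaviour the policy text quoted earlier warns against.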