On Tuesday 29 August 2006 00:20, thorsten wrote:
> I even would go one step further, a normal user is not able to
> troubleshoot network problems so why should he be able to ping?
> chmod 0711 /bin/ping

1. No, actually. For example, I work as a usual user and when a browser
becomes too slow I first check if I can ping something to ensure the
problem isn't in the connection.

2. In your example we can just use 0700.

On Tuesday 29 August 2006 00:34, Bruce Dubbs wrote:
> Vladimir A. Pavlov wrote:
> > Second, shouldn't it be 4711 rather than 4755? The read-by-others
> > access to a SUID file is a security hole.
>
> Blocking read access wouldn't hurt anything, but wouldn't gain
> anything either.  Do you care if someone can copy the file? 
> Virtually everything in /bin is 755 and some have the suid bit set
> too.  You are free to remove the read permissions on your system if
> you want.

I mean a user able to read a file can disassemble it and find security 
holes in it.

Nevertheless I understand few people will actually try to hack a system 
in such a way.

-- 
Nothing but perfection
pv
-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
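
An added example, not part of the original thread: a Python audit that lists setuid files still readable by others, together with the mode each would have with group/other read and write stripped (4755 becomes 4711, the change debated above). The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def tighten(mode):
    """Return the permission bits with group/other read and write removed,
    keeping setuid/setgid/sticky and all execute bits (4755 -> 4711)."""
    perms = stat.S_IMODE(mode)
    return perms & ~(stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH)

def is_readable_suid(mode):
    """True for a regular setuid file that others can read."""
    return (stat.S_ISREG(mode)
            and bool(mode & stat.S_ISUID)
            and bool(mode & stat.S_IROTH))

def audit(root):
    """Walk root and return sorted (path, current, suggested) tuples, modes
    as octal strings, for every setuid file that is readable by others."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished or cannot be stat'ed
            if is_readable_suid(mode):
                findings.append((path, "%04o" % stat.S_IMODE(mode),
                                 "%04o" % tighten(mode)))
    return sorted(findings)

def demo():
    """Constructed sample tree: three empty files with the modes discussed."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("ping_4755", 0o4755), ("ping_4711", 0o4711),
                           ("ls_0755", 0o0755)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return [(os.path.basename(p), cur, new) for p, cur, new in audit(root)]

if __name__ == "__main__":
    for row in demo():
        print(*row)
```

Calling `audit("/bin")` on a real system reports only; it never changes a mode.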