This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Re: W: executable-is-not-world-readable usr/bin/staprun 4750
- From: "Frank Ch. Eigler" <fche at redhat dot com>
- To: Timo Juhani Lindfors <timo dot lindfors at iki dot fi>
- Cc: rrs at debian dot org, systemtap at sourceware dot org
- Date: Thu, 11 Aug 2011 10:41:27 -0400
- Subject: Re: W: executable-is-not-world-readable usr/bin/staprun 4750
- References: <84d3gcvykh.fsf@sauna.l.org> <20110811141934.GF23086@redhat.com> <84zkjguibt.fsf_-_@sauna.l.org>
Hi, Timo -
On Thu, Aug 11, 2011 at 05:35:34PM +0300, Timo Juhani Lindfors wrote:
> [...]
> the lintian tool in debian reports
> W: executable-is-not-world-readable usr/bin/staprun 4750
> [...]
> http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2
>
> Since you wrote that patch, can you comment a bit on it? Would restoring
> read (not execute!) permissions still be acceptable?
I can't think of any harm to making the permissions 4754. FWIW, in
Fedora, we have lots of setuid executables with only rwx--x--x type
permissions.
> As the lintian rationale
> "
> All executables should be readable by any user. Since anyone can
> download the Debian package and obtain a copy of the executable, no
> security is gained by making the executable unreadable [...]
> [...]
> -- http://lintian.debian.org/tags/executable-is-not-world-readable.html
> says this should really not cause security problems.
I believe it. Unless someone makes an argument against it, I'd be
OK with changing the systemtap.spec/Makefile settings likewise.
- FChE
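
The modes discussed in this thread, decoded side by side. This is an added example, not code from the thread, from systemtap or from lintian. The function names are hypothetical, `lintian_check` is a simplified assumption of the lintian test (any execute bit set, others-read bit clear), and 4711 is a constructed stand-in for the setuid `rwx--x--x` case mentioned above.

```shell
#!/bin/sh
# Added example: decode octal install modes and apply a simplified
# world-readable check to each. Sticky bit (01000) is ignored here.

# bit VALUE MASK YES NO: print YES if VALUE has MASK set, else NO.
bit() {
    if [ $(( $1 & $2 )) -ne 0 ]; then printf '%s' "$3"; else printf '%s' "$4"; fi
}

# symbolic_mode MODE: print the ls-style permission string for an octal mode.
symbolic_mode() {
    m=$(( 0$1 ))                      # leading 0 forces octal parsing
    out=""
    for pos in 6 3 0; do              # owner, group, others
        bits=$(( (m >> pos) & 7 ))
        r=$(bit "$bits" 4 r -); w=$(bit "$bits" 2 w -); x=$(bit "$bits" 1 x -)
        # setuid (04000) shows in the owner x slot, setgid (02000) in the group slot
        case $pos in 6) sp=04000 ;; 3) sp=02000 ;; *) sp=0 ;; esac
        if [ $(( m & $sp )) -ne 0 ]; then
            if [ "$x" = x ]; then x=s; else x=S; fi
        fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# others_can_exec MODE: "yes" if the others-execute bit (0001) is set.
others_can_exec() { bit $(( 0$1 )) 1 yes no; }

# lintian_check MODE: simplified assumption of the lintian condition.
lintian_check() {
    m=$(( 0$1 ))
    if [ $(( m & 0111 )) -ne 0 ] && [ $(( m & 0004 )) -eq 0 ]; then
        printf 'W: executable-is-not-world-readable %s\n' "$1"
    else
        printf 'ok %s\n' "$1"
    fi
}

# Constructed sample: current mode, proposed mode, and a setuid rwx--x--x mode.
for mode in 4750 4754 4711; do
    printf '%s %s others-exec=%s %s\n' "$mode" "$(symbolic_mode "$mode")" \
        "$(others_can_exec "$mode")" "$(lintian_check "$mode")"
done
```

Going from 4750 to 4754 sets only the others-read bit: the string changes from `rwsr-x---` to `rwsr-xr--`, and the others-execute slot stays clear.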