2.5.2p2 ssh-keyscan installed group writable?
    Rachit Siamwalla 
    rachit at ensim.com
       
    Wed Mar 28 09:55:12 EST 2001
    
    
  
I totally agree and understand this example, but I can't help thinking
relying on read permissions to "secure" a binary is exactly the same as
"security through obscurity" :)
-rchit
> 2.  Install *all* executables (not just SetUID)
>         as mode 511 (or 4511 if appropriate).
>         There's no reason why root needs to be
>         able to routinely overwrite them,
>         and there's no reason why non-root
>         users need to be able to routinely
>         copy them or run strings/objdump on them...
>         so why allow it?  This will require
>         an additional step during an upgrade,
>         but could also prevent accidental
>         or intentional overwriting which is
>         not desirable.
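An added example, not part of the original posts: a shell audit that lists installed files deviating from the quoted 511 / 4511 policy, plus the narrower group-writable check from the thread subject. The function names and the sample file names are hypothetical, and the sample tree is constructed so the check runs offline.

```shell
#!/bin/sh
# Added example: audit installed binaries against the 511 / 4511 policy.

# List regular files under $1 that carry any bit outside 0511:
# any write bit (0222) or group/other read (0044).
# The owner read bit (0400) is part of 511, so it is not flagged,
# and setuid (4000) is not judged here.
list_mode_deviations() {
    find "$1" -type f \( -perm -0200 -o -perm -0020 -o -perm -0002 \
        -o -perm -0040 -o -perm -0004 \) -print | sort
}

# Narrower check matching the thread subject: group-writable files only.
list_group_writable() {
    find "$1" -type f -perm -0020 -print | sort
}

# Constructed sample tree (hypothetical file names) so the audit runs offline.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    for f in ok-511 ok-4511 typical-755 group-775; do : > "$d/$f"; done
    chmod 0511 "$d/ok-511"
    chmod 4511 "$d/ok-4511"
    chmod 0755 "$d/typical-755"
    chmod 0775 "$d/group-775"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
echo "deviates from 511/4511:"; list_mode_deviations "$tree"
echo "group writable:";         list_group_writable "$tree"
rm -rf "$tree"
```

Pointed at a real install prefix, `list_mode_deviations` will flag every conventional 755 binary, which shows the "additional step during an upgrade" the quoted text mentions.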
    
    
More information about the openssh-unix-dev
mailing list