On 16/10/17 01:48 PM, Jon LaBadie wrote:
> On Mon, Oct 16, 2017 at 08:12:43AM -0400, Jean-Louis Martineau wrote:
>> On 14/10/17 12:12 PM, Jose M Calhariz wrote:
>>> On Sat, Oct 14, 2017 at 11:36:09AM -0400, Jean-Louis Martineau wrote:
>>>> On 14/10/17 11:14 AM, Jose M Calhariz wrote:
>>>>> -rwsr-xr-- 1 root backup 10232 Oct 13 17:23 ambind
>>>> ambind must not be readable by all
>>>>
>>>> -rwsr-x--- 1 root backup 10232 Oct 13 17:23 ambind
>>> Thank you for the quick reply.  May I ask why "ambind must not be
>>> readable by all" ?
>> All suid programs in amanda are always installed like this.
>>
> Why are all amanda suid programs installed this way?
It's before I was born, maybe not, but before I started to work on the 
amanda software.
It's kind of security by hiding, it's harder to find a vulnerability in 
the suid binary if you can't read it.
It makes sense when you build yourself, but not when doing a package 
where everyone can read the files in the package.
The group probably do not read the 'r' bit either.

Do you think amcheck should not check if the suid binaries are readable by 
all?

Jean-Louis

>
> Jon
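A sketch of the kind of check discussed in this thread, added here as an illustration and not taken from amcheck or the Amanda source: it tests a set-uid binary's mode and owner against the `-rwsr-x---` root layout quoted above. The function names, the constructed sample modes and the checks beyond the world-read bit are assumptions.

```python
import os
import stat
import sys

# Constructed sample modes matching the two listings quoted in the thread.
MODE_WORLD_READABLE = stat.S_IFREG | 0o4754   # -rwsr-xr--
MODE_EXPECTED = stat.S_IFREG | 0o4750         # -rwsr-x---


def suid_findings(mode, uid):
    """Return the problems found for a set-uid helper, given st_mode and st_uid."""
    if not stat.S_ISREG(mode):
        return ["not a regular file"]
    findings = []
    if not mode & stat.S_ISUID:
        findings.append("set-uid bit not set")
    if uid != 0:
        findings.append("not owned by root")
    if mode & stat.S_IROTH:
        findings.append("readable by all")
    if mode & (stat.S_IWOTH | stat.S_IXOTH):
        findings.append("writable or executable by all")
    if mode & stat.S_IWGRP:
        findings.append("writable by group")
    return findings


def audit(path):
    """Check one file on disk; lstat so a symlink is reported, not followed."""
    st = os.lstat(path)
    return suid_findings(st.st_mode, st.st_uid)


if __name__ == "__main__":
    # Usage: pass the paths of the set-uid binaries to check as arguments.
    status = 0
    for path in sys.argv[1:]:
        for problem in audit(path):
            print(f"{path}: {problem}")
            status = 1
    sys.exit(status)
```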