On 10/16/17 21:32, Austin S. Hemmelgarn wrote:
> Aside from that though, it's a case where the benefit to security is
> dependent on things that just aren't true for most systems amanda is
> likely to run on, namely that an attacker is:
>
> 1. Unable to determine what type of system you're running on. (This is a
> patently false assumption on any publicly available distro, as well as
> most paid ones like OEL, RHEL, and SLES).
> &
> 2. Unable to access the packages directly.

What do these points have to do with the suid binary not being read- and
executable by normal users on that system?

I think one "why" explanation is that a local user probably can't exploit
eventual issues in the suid binary if he can't execute it.

Yours,
Uwe
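
A check for the property discussed in this thread, as an added example that is not part of either message or of Amanda's packaging: it lists setuid files under a directory and reports whether accounts outside the owner and group can execute or read them. The function names `audit_suid` and `demo` are hypothetical, and the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Classifies setuid regular files
# under a directory by what users outside owner and group ("other") may do.

# audit_suid DIR  ->  one "<verdict> <path>" line per setuid file
#   EXPOSED     other may execute: any local account can run the binary
#               with the file owner's privileges
#   READABLE    other may read but not execute: the file can be inspected or
#               copied, but a copy belongs to the copier and gains nothing
#   RESTRICTED  no read or execute for other (for example mode 4750)
# Paths containing newlines are not handled; ACLs are not considered.
audit_suid() {
    dir=$1
    find "$dir" -xdev -type f -perm -4000 -perm -0001 -print |
        sed 's/^/EXPOSED /'
    find "$dir" -xdev -type f -perm -4000 ! -perm -0001 -perm -0004 -print |
        sed 's/^/READABLE /'
    find "$dir" -xdev -type f -perm -4000 ! -perm -0001 ! -perm -0004 -print |
        sed 's/^/RESTRICTED /'
}

# Constructed sample input: empty files with chosen modes. No root needed,
# the files are setuid to the current user. Mode 0755 is the non-setuid
# control and must not be reported.
demo() {
    d=$(mktemp -d) || return 1
    for m in 4755 4754 4750 0755; do
        : > "$d/helper-$m" && chmod "$m" "$d/helper-$m"
    done
    audit_suid "$d" | sed "s|$d/||"
    rm -rf "$d"
}

# With an argument, audit that directory; without one, run the demo.
if [ $# -gt 0 ]; then
    audit_suid "$1"
else
    demo
fi
```
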
