amcheck checks the 'r' all permission, but it is executed even if the
permissions are not correct.

I removed the check for 'r' all.

Jean-Louis


On 17/10/17 03:18 AM, Jon LaBadie wrote:
> On Tue, Oct 17, 2017 at 07:21:02AM +0200, Uwe Menges wrote:
>> On 10/16/17 21:32, Austin S. Hemmelgarn wrote:
>>> Aside from that though, it's a case where the benefit to security is
>>> dependent on things that just aren't true for most systems amanda is
>>> likely to run on, namely that an attacker is:
>>>
>>> 1. Unable to determine what type of system you're running on. (This is a
>>> patently false assumption on any publicly available distro, as well as
>>> most paid ones like OEL, RHEL, and SLES).
>>> &
>>> 2. Unable to access the packages directly.
>> What do these points have to do with the suid binary not being read- and
>> executable by normal users on that system?
>>
>> I think one "why" explanation is that a local user probably can't
>> exploit eventual issues in the suid binary if he can't execute it.
>>
> The question was why they are read protected.  Read permission is not
> needed for execution.  If someone wanted to look at the binary, the
> lack of read permissions on the installed copy won't prevent them from
> getting their own copy from the install package.
>
> jl