On Sun, 10 Oct 2010 21:09:38 +1300 Simon Geard <[email protected]> wrote:
> On Sat, 2010-10-09 at 23:15 +0100, Andrew Benton wrote: > > Also, you may need to tweak your glibc check to work on systems that > > don't have executable shared libraries. On my systems almost all shared > > libraries (including /lib/libc.so.6) have permissions 644 so I get: > > Out of curiosity, why do you do things that way? It's certainly unusual; > indeed, I always assumed .so files were required to be executable - > otherwise why would every single distribution and installer make them > so? > I got the idea from Ubunut, where most of the .so files are 644. I don't have any firm reason to recommend it, other than paranoia and the feeling that files should have the minimum permissions needed to do their job. If a file doesn't need to be executable it seems a security risk to have the execute bit set. I don't know how someone could exploit that but if there's no problem having .so files chmod 644 I'd rather be safe than sorry. Except for /lib/ld-*.so. It needs to be executable. Everything stops working if /lib/ld-*.so is chmod 644. Andy -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
