diff options
Diffstat (limited to 'tags/e/executable-is-not-world-readable.tag')
-rw-r--r-- | tags/e/executable-is-not-world-readable.tag | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/tags/e/executable-is-not-world-readable.tag b/tags/e/executable-is-not-world-readable.tag new file mode 100644 index 0000000..517ea3b --- /dev/null +++ b/tags/e/executable-is-not-world-readable.tag @@ -0,0 +1,9 @@ +Tag: executable-is-not-world-readable +Severity: warning +Check: files/permissions +Explanation: All executables should be readable by any user. Since anyone can + download the Debian package and obtain a copy of the executable, no + security is gained by making the executable unreadable even for setuid + binaries. If only members of a certain group may execute this file, + remove execute permission for world, but leave read permission. +See-Also: debian-policy 10.9 |