diff options
Diffstat (limited to '')
-rw-r--r-- | tags/n/non-standard-setuid-executable-perm.tag | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/tags/n/non-standard-setuid-executable-perm.tag b/tags/n/non-standard-setuid-executable-perm.tag new file mode 100644 index 0000000..57c42d0 --- /dev/null +++ b/tags/n/non-standard-setuid-executable-perm.tag @@ -0,0 +1,10 @@ +Tag: non-standard-setuid-executable-perm +Severity: warning +Check: files/permissions +Explanation: The file is setuid or setgid and has a mode different from any of + 2755, 4755, 4754, or 6755. Any other permissions on setuid executables + is probably a bug. In particular, removing root write privileges serves + no purpose, group-writable setuid or setgid executables are probably bad + ideas, and setgid executables that are not world-executable serve little + purpose. +See-Also: debian-policy 10.9 |