Diffstat (limited to 'tags/n/non-standard-setuid-executable-perm.tag')
-rw-r--r-- tags/n/non-standard-setuid-executable-perm.tag 10
1 files changed, 10 insertions, 0 deletions
diff --git a/tags/n/non-standard-setuid-executable-perm.tag b/tags/n/non-standard-setuid-executable-perm.tag
new file mode 100644
index 0000000..57c42d0
--- /dev/null
+++ b/tags/n/non-standard-setuid-executable-perm.tag
@@ -0,0 +1,10 @@
+Tag: non-standard-setuid-executable-perm
+Severity: warning
+Check: files/permissions
+Explanation: The file is setuid or setgid and has a mode different from any of
+ 2755, 4755, 4754, or 6755. Any other permissions on setuid executables
+ is probably a bug. In particular, removing root write privileges serves
+ no purpose, group-writable setuid or setgid executables are probably bad
+ ideas, and setgid executables that are not world-executable serve little
+ purpose.
+See-Also: debian-policy 10.9
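Review bot: The second sentence of the Explanation field ("Any other permissions on setuid executables is probably a bug") names only setuid, while the first sentence and the accepted modes 2755 and 6755 cover setgid too, and "permissions ... is" does not agree in number; suggest "Any other mode on a setuid or setgid executable is probably a bug." The text also justifies what is rejected (no root write bit, group-writable, setgid without world-execute) but never says why 4754, which is not world-executable, is on the accepted list. A short clause stating that a setuid binary restricted to its owning group is an intended configuration would stop maintainers from reading the 4754 entry as inconsistent with the last sentence. Finally, the explanation gives no remediation hint; one sentence pointing at the expected mode for the common cases (4755 for setuid, 2755 for setgid) would make the tag actionable without opening the referenced policy section.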