<div>agree to all above, </div> <div> </div> <div>if I create a package (normally under Solaris, sorry I'm a Solaris person and spying on you :) ) I make the permissions as strict as possible. </div> <div> </div> <div>IMHO there is normally no reason WHY a binary executable should be readable. I checked my laptop (FC4) and saw the permissions indeed 755 for bash. A 111 (---x--x--x) is normally enough for a binary. In very rare cases a suid/sgid should (not) be set (see my grey hair).The kernel will still read it though magic and kernel drivers. Script permissions is another story off-course. </div> <div> </div> <div>My strategy is to make it as difficult as much to myself and try to secure the system from bottom-up. In other words, I should re-define permissions as strict as possible in the rpm. But that is another discussion.</div> <div> </div> <div>This might be a point for FC6??</div> <div> </div> <div> </div> <div><span class="gmail_quote">2006/1/5, Russell Coker <<a href="mailto:russell@coker.com.au">russell@coker.com.au</a>>:</span> <blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On Wednesday 04 January 2006 07:16, darrell pfeifer <<a href="mailto:darrellpf@gmail.com">darrellpf@gmail.com </a>><br>wrote:<br>> I have very current rawhide system. This morning I updated bash,<br>> selinux, coreutils, binutils, glibc....<br><br>libsetrans-0.1.13-1 is broken in regard to rpm, which could potentially cause <br>cascading failures. Best to upgrade or downgrade that package. Not sure if<br>it's related to your problem though.<br><br>> I used a set of FC4 disks to boot into rescue mode. Bash had only read<br>> permission for group/other. Changing bash to rw for everyone got me a <br>> runnable system again.<br><br>You certainly don't want rw for everyone! Bash should be mode 0755 or<br>similar, r-x for everyone.<br><br>--<br><a href="http://www.coker.com.au/selinux/">http://www.coker.com.au/selinux/ </a> My NSA Security Enhanced Linux packages<br><a href="http://www.coker.com.au/bonnie++/">http://www.coker.com.au/bonnie++/</a> Bonnie++ hard drive benchmark<br><a href="http://www.coker.com.au/postal/">http://www.coker.com.au/postal/ </a> Postal SMTP/POP benchmark<br><a href="http://www.coker.com.au/~russell/">http://www.coker.com.au/~russell/</a> My home page<br><br>--<br>fedora-devel-list mailing list<br><a href="mailto:fedora-devel-list@redhat.com"> fedora-devel-list@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/fedora-devel-list">https://www.redhat.com/mailman/listinfo/fedora-devel-list</a><br></blockquote></div><br><br clear="all"><br>-- <br>Peter Bieshaar <br>NL(0)6 29577255