I have noticed that in ~~all Linux systems~~ ArchLinux*, certain setuid programs come with rather unusual permissions:
    -r-sr-xr-x root root /bin/su*
    ---s--x--x root root /usr/bin/sudo*
The question is, why is the sudo binary set to be only readable to root? What's the point of that? Why can't it be like su?
Edit: After reinstalling sudo, it doesn't have read/write either.
(* I could've sworn I have seen the same in Debian. Apparently not.)
And if you can compile it on your own? Won't that make it even easier? – user1686 – 2009-11-09T14:17:45.697
It's just an extra hurdle that a would-be attacker would have to jump. It's not enough on its own but as an extra layer of protection it might be worth it. – Stephen Darlington – 2009-11-09T15:05:30.813