On Fri, Jan 22, 2010 at 12:19:49PM +0100, Miloslav Trmač wrote: > We can extend the protection to all executables by a simple addition to > redhat-rpm-config (https://bugzilla.redhat.com/show_bug.cgi?id=556897 ). > After applying this patch, executable files in all rebuilt packages > would not be writeable, most often using mode 0555. > What do you think? Is there a tracker about what else needs to be done to finish this up? E.g. non-executable interpreted libraries will then still be writable: /usr/lib/python2.6/site-packages/yum Regards Till
Attachment:
pgpm9TataMbKD.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel