Subject: Re: misc/143: Setuid programs installed unreadable
To: Peter Galbavy <>
From: Chris Hopps <>
List: netbsd-bugs
Date: 03/01/1994 04:48:46
> > > as for 'crontab' some would argue that making it readable is OK,
> > > but i think leaving it unreadable is a reasonable security measure to
> > > take.
> > 
> > I don't get it. Since anyone can FTP the source to these things, how does
> > making the binaries unreadable help?
> I have to second this. I think security through obscurity is great
> with the non-technical, but just let a student at them... If everything
> is readable, then there is nothing to "hide" and people (me for one)
> feel less inclinded to worry about hidden bugs.

Well first its ironic everyone talking about this is quoting the part
the refers to a locally changable *text* file..

Second I can't even remember the binries in question however
regardless I must point out:

1) binaries are not source, some source on some site's compiles into
binary form differently from the same source on another site.

2) while netbsd is in development, yes you can almost bet that *most*
of the time the source for the binary in question is available.  This
would not be the case if local changes were made to the source tree.

3) it's not about this binary or that its about a secure philosophy.
Binaries that are for restricted use should echo intended restrictions
in the access bits.  Picking nits over whether source is available or
whether the binary or text in question holds a security risk if read is
not an issue, consistancy is.

If the source is available then the people who *really* want to
"read" that binary can go fetch it from wherever and compile

> Peter Galbavy				e-mail: