executable-is-not-world-readable

All executables should be readable by any user. Since anyone can download the Debian package and obtain a copy of the executable, no security is gained by making the executable unreadable even for setuid binaries. If only members of a certain group may execute this file, remove execute permission for world, but leave read permission.

For more information please consult:

Debian Policy Manual section 10.9

The tag is present in Lintian version 2.114.163. That is the most recent version we know about.

We use semantic versions. The patch number is a commit step indicator relative to the 2.113.0 release tag in our Git repository.

You can find the detection logic for this version at commit 43a81d7. For merge requests, please use the latest version in the Lintian check files/permissions.

Visibility: warning

The following 8 source packages in the archive triggered the tag 21 times (in any Lintian version).

There were no overrides.

amanda

4750 [usr/lib/amanda/ambind]

cups-filters

0700 [usr/lib/cups/backend/cups-brf]
0700 [usr/lib/cups/backend/implicitclass]

firejail

0711 [usr/lib/x86_64-linux-gnu/firejail/fcopy]
0711 [usr/lib/x86_64-linux-gnu/firejail/fldd]
0711 [usr/lib/x86_64-linux-gnu/firejail/fnet]
0711 [usr/lib/x86_64-linux-gnu/firejail/fnetfilter]
0711 [usr/lib/x86_64-linux-gnu/firejail/fnettrace]
0711 [usr/lib/x86_64-linux-gnu/firejail/fseccomp]
0711 [usr/lib/x86_64-linux-gnu/firejail/fsec-optimize]
0711 [usr/lib/x86_64-linux-gnu/firejail/fsec-print]
0711 [usr/lib/x86_64-linux-gnu/firejail/fshaper.sh]

fis-gtm

4500 [usr/lib/x86_64-linux-gnu/fis-gtm/V6.3-014_x86_64/gtmsecshrdir/gtmsecshr]
4500 [usr/lib/x86_64-linux-gnu/fis-gtm/V6.3-014_x86_64/utf8/gtmsecshrdir/gtmsecshr]

integrit

0500 [usr/sbin/integrit]
0500 [usr/sbin/i-viewdb]

samba

0700 [usr/lib/x86_64-linux-gnu/samba/smbspool_krb5_wrapper]

sssd

4750 [usr/libexec/sssd/krb5_child]
4750 [usr/libexec/sssd/ldap_child]
4750 [usr/libexec/sssd/selinux_child]

0751 [usr/share/doc/xbs/examples/runex]