Package: runit Version: 2.1.2-3 Severity: normal File: /usr/bin/svlogd svlogd, when rotating, sets the log files as executable.
while this is documented in the man page, no reason is given, neither why one would tamper with file permissions at all (which would usually be configured by umask at creation time), nor why the files should be executable. files that are executable *and* have a non-self-evident file name are suitable to raise all kinds of red flags with users, especially in directories where no executable files are to be expected. please disable that behavior, make it optional and/or document why it is required. -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages runit depends on: ii libc6 2.19-18 Versions of packages runit recommends: ii fgetty 0.6-5 Versions of packages runit suggests: pn socklog-run <none> -- no debconf information -- To use raw power is to make yourself infinitely vulnerable to greater powers. -- Bene Gesserit axiom
signature.asc
Description: Digital signature
