Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uunet!convex!convex.COM
From: tchrist@convex.COM (Tom Christiansen)
Newsgroups: comp.unix.questions
Subject: Re: SUMMARY: C Compiler Predefined Manifest Definitions
Message-ID: <105269@convex.convex.com>
Date: 23 Aug 90 15:27:23 GMT
References: <191@n4hgf.Mt-Park.GA.US> <12313@paperboy.OSF.ORG> <595@wattres.UUCP>
Sender: usenet@convex.com
Reply-To: tchrist@convex.COM (Tom Christiansen)
Organization: CONVEX Software Development, Richardson, TX
Lines: 20

In article <595@wattres.UUCP> steve@wattres.UUCP (Steve Watt) writes:
|Which brings up what I consider to be a strange point: Why is it that most
|*NIX vendors ship systems with all the files in /bin and /usr/bin world-
|readable? It seems to me that they only need to be world-executable...

Absurd. If you are relying on people not knowing about something
for your security, then you've really no security at all.

An unreadable binary is just annoying. You can't run what or strings
on it. You can't adb it for your core dumps. But the point of its
being annoying is secondary to the fact that it just doesn't make sense
to rely upon ignorance to protect you.

Security through obscurity isn't.

--tom
--
"UNIX was never designed to keep people from doing stupid things, because
that policy would also keep them from doing clever things." [Doug Gwyn]