Linux: setuid programs without read permission

security linux

The first question that sprang to my mind is Why does sudo have write permission for root?

Broadly, suid programs are pretty dangerous and you should grant them as few privileges as possible. You can't get much more restrictive than only execute permission!

If you can read a file, you can disassemble it. And if you can disassemble it you can look for security flaws and make it that little bit easier to discover attack vectors.

sudo is a little more vulnerable to attack than su as you don't always need to supply a password to have privileged access to some resources (depending on how it's set up). This may warrant tighter security.

Related

Is there a way to know if any program is listening to my microphone. Windows 10
How to encrypt data in bitbucket without losing git diff tools?
Laptop Screen Brightness
Temporarily change energy settings without having to change my power plan in Windows 7
Is it safe to use wall-socket -> USB chargers to charge any USB device?
How can I know what is preventing my socket to bind to localhost:50060-50959
Can I modify outgoing request headers with a Chrome Extension?
How to determine what's trying to access my optical drive (emits unusual sounds)?
Will I be able to register my own IPv6 address as an individual?
How to prevent sync of files from the root of Google drive folder
Why do Windows 7 updates take so long to install?
Localhost tcp throughput performance differences