It was one of those restrictions that seemed unjustified to me but I figured someone smarter than I had seen a reason.

rcxdude 16 hours ago | parent | next [-]

It would need at least a little bit of thought with suid binaries.

	▲	charcircuit 14 hours ago \| parent [-]
		Suid binaries were a bad idea and should be removed anyways.

▲

gear54rus 17 hours ago | parent | prev | next [-]

Yeah.. I'm sitting here wondering how many years would it take to remove equally stupid error that says 'private key permissions too open' from ssh-add and friends.

Would save me a wrapper script on my flashdrive that does hacks like loading it from stdin or moving it to temp file.

	▲	TZubiri 16 hours ago \| parent [-]
		It's just a nice security measure.

▲

TZubiri 16 hours ago | parent | prev [-]

Imagine if you wanted to enter a bank safe, but your key doesn't fit the lock. If you were able to change the lock, you would bypass the lock mechanism, rendering it useless

▲

JadeNB 14 hours ago | parent [-]

But imagine if you were the bank-safe owner. Shouldn't you be able to change the lock?

	▲	TZubiri 11 hours ago \| parent [-]
		That would be what root is. I think a more appropriate question would be, if the key fits, couldn't you change the lock? Maybe, that would give you 3 abilities. 1 Lock yourself out if you please? Not terrible 2 Provide access to others, which makes sense since you already have access to the file, you could theoretically share it through other channels, you naturally cannot prevent this. 3. Lock others out. This one is less of a security risk and more of a nuisance risk. I think the unix model is simple, maybe selinux offers more sophistication. That said the unix chown behaviour could have gone either way in terms of security, but in terms of design it makes sense as is.