by Zoup 450 days ago
ROX isn't self-contradictory. Allowing read() and execve() but denying write() and truncate() is totally valid and common in secure execution contexts, although things get worse with directory traversal.

So yeah, --rox is fine semantically, just ugly. :D

2 comments

I think the parent poster was not arguing that allowing this combination of accesses is invalid, just that it can't be called read-ONLY if it's not ONLY read.

"Any color the customer wants, as long as it's black"

I mean that it is not "read-only" if it is also executable.