Permissions problem on affected distros

On my servers:
$ find / -xdev -perm -4000 -printf "%M %p\n" 2>/dev/null
-rwsr-x--x /bin/mount
-rws--x--x /bin/ping
-rws--x--x /bin/ping6
-rwsr-x--x /bin/su
-rwsr-x--x /bin/umount
-r-sr-x--x /usr/bin/crontab
-rwsr-x--x /usr/bin/passwd
---s--x--x /usr/bin/sudo

IMHO there is zero reason for leaving a setuid binary world-readable. I started doing this 30 years ago after I found myself as a student able to disassemble them to attack them (though with availability of standard distros nowadays this is no longer a protection), but it still protects against local rootkits that search for patterns or signatures to deliver a different payload. And here it will just make the exploit fail since an unprivileged user doesn't have the permissions to open the file. With that said, it's sufficient to find *one* setuid binary to enable the exploit but on a sane system there should be zero both setuid and world readable.

Looking at my systems on Slackware, most setuid binaries (including /bin/su) are not readable either, though some are. Thus the "every distro since 2017" on the site is a bit exaggerated, it's probably "most major distros".