[7958] in bugtraq


Re: Dump a mode --x--x--x binary on Linux 2.0.x

daemon@ATHENA.MIT.EDU (Martin Mares)
Thu Sep 17 12:08:49 1998

Date: 	Thu, 17 Sep 1998 09:18:10 +0200
Reply-To: Martin Mares <mj@UCW.CZ>
From: Martin Mares <mj@UCW.CZ>
X-To:         David Luyer <luyer@UCS.UWA.EDU.AU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199809160318.LAA13423@typhaon.ucs.uwa.edu.au>; from David Luyer
              on Wed, Sep 16, 1998 at 11:18:47AM +0800

> Being able to override the expectations of those programs which are installed
> mode 111 _is_ a security problem in that it violates expected semantics and
> that when a given Unix variant makes any attempt to enforce these semantics
> it should make sure it completely enforces them, instead of giving a false
> sense of security.  Sound like "security by obscurity" to anyone?

   Semantics of unreadable files is well-defined at file level (i.e., it's
defined you cannot read() them), but not at any other level. No standard
guarantees you that contents of such binaries are not accessible in any other
way, so relying on it in order to secure things does sound like "security by
obscurity" to me.

   Enforcing real unreadability on the PC is very hard, given the fact i386
does not support execute-only pages.

                                Have a nice fortnight
--
Martin `MJ' Mares   <mj@ucw.cz>   http://atrey.karlin.mff.cuni.cz/~mj/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
"What color is a chameleon on a mirror?"
