[9038] in bugtraq


Re: Wiping out setuid programs

daemon@ATHENA.MIT.EDU (Neale Banks)
Mon Jan 11 13:13:27 1999

Date: Mon, 11 Jan 1999 23:19:30 +1100
Reply-To: Neale Banks <neale@LOWENDALE.COM.AU>
From: Neale Banks <neale@LOWENDALE.COM.AU>
X-To: "D. J. Bernstein" <djb@CR.YP.TO>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990109105854.3085.qmail@cr.yp.to>

On Sat, 9 Jan 1999, D. J. Bernstein wrote:

[big snip]
> My favorite workaround is to make the binary unreadable; I haven't found
> any vendors silly enough to allow tracing here. Note that this prohibits
> root-squashed NFS mounting for root-owned binaries.

You are proposing that some significant security is obtained by making an
executable file unreadable?

I thought this one was laid to rest last year in the "Dump a mode
--x--x--x binary on Linux 2.0.x" thread, wherein Martin Mares summarised:

> Semantics of unreadable files is well-defined at file level (i.e.,
> it's defined you cannot read() them), but not at any other level. No
> standard guarantees you that contents of such binaries are not
> accessible in any other way

Regards,
Neale.
