[9038] in bugtraq
Re: Wiping out setuid programs
daemon@ATHENA.MIT.EDU (Neale Banks)
Mon Jan 11 13:13:27 1999
Date: Mon, 11 Jan 1999 23:19:30 +1100
Reply-To: Neale Banks <neale@LOWENDALE.COM.AU>
From: Neale Banks <neale@LOWENDALE.COM.AU>
X-To: "D. J. Bernstein" <djb@CR.YP.TO>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990109105854.3085.qmail@cr.yp.to>
On Sat, 9 Jan 1999, D. J. Bernstein wrote:
[big snip]
> My favorite workaround is to make the binary unreadable; I haven't found
> any vendors silly enough to allow tracing here. Note that this prohibits
> root-squashed NFS mounting for root-owned binaries.
You are proposing that some significant security is obtained by making an
executable file unreadable?
I thought this one was laid to rest last year in the "Dump a mode
--x--x--x binary on Linux 2.0.x" thread, wherein Martin Mares summarised:
> Semantics of unreadable files is well-defined at file level (i.e.,
> it's defined you cannot read() them), but not at any other level. No
> standard guarantees you that contents of such binaries are not
> accessible in any other way
Regards,
Neale.