[9047] in bugtraq
Re: Wiping out setuid programs
daemon@ATHENA.MIT.EDU (Niall Smart)
Wed Jan 13 13:35:42 1999
Date: Tue, 12 Jan 1999 17:03:22 +0000
Reply-To: Niall Smart <niall@POBOX.COM>
From: Niall Smart <niall@POBOX.COM>
X-To: Neale Banks <neale@LOWENDALE.COM.AU>
To: BUGTRAQ@NETSPACE.ORG
>
> I thought this one was laid to rest last year in the "Dump a mode
> --x--x--x binary on Linux 2.0.x" thread, wherein Martin Mares summarised:
>
> > Semantics of unreadable files is well-defined at file level (i.e.,
> > it's defined you cannot read() them), but not at any other level. No
> > standard guarantees you that contents of such binaries are not
> > accessible in any other way
For the record, the same caveat applies to the semantics of the immutable
file flag, i.e. files with the immutable and executable file flags do not
lead to immutable processes. For more see:
http://www.pobox.com/~niall/adv/seclvl.txt
Regards,
Niall