Bugtraq mailing list archives
Re: Dump a mode --x--x--x binary on Linux 2.0.x
From: mj () UCW CZ (Martin Mares)
Date: Thu, 17 Sep 1998 09:18:10 +0200
Being able to override the expectations of those programs which are installed mode 111 _is_ a security problem in that it violates expected semantics and that when a given Unix variant makes any attempt to enforce these semantics it should make sure it completely enforces them, instead of giving a false sense of security. Sound like "security by obscurity" to anyone?
Semantics of unreadable files is well-defined at file level (i.e., it's defined you cannot read() them), but not at any other level. No standard guarantees you that contents of such binaries are not accessible in any other way, so relying on it in order to secure things does sound like "security by obscurity" to me.

Enforcing real unreadability on the PC is very hard, given the fact i386 does not support execute-only pages.

Have a nice fortnight
--
Martin `MJ' Mares <mj () ucw cz> http://atrey.karlin.mff.cuni.cz/~mj/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
"What color is a chameleon on a mirror?"