Bugtraq mailing list archives
Re: Wiping out setuid programs
From: neale () LOWENDALE COM AU (Neale Banks)
Date: Mon, 11 Jan 1999 23:19:30 +1100
On Sat, 9 Jan 1999, D. J. Bernstein wrote:
[big snip]
> My favorite workaround is to make the binary unreadable; I haven't found any vendors silly enough to allow tracing here. Note that this prohibits root-squashed NFS mounting for root-owned binaries.
You are proposing that some significant security is obtained by making an executable file unreadable? I thought this one was laid to rest last year in the "Dump a mode --x--x--x binary on Linux 2.0.x" thread, wherein Martin Mares summarised:
> Semantics of unreadable files is well-defined at file level (i.e., it's defined you cannot read() them), but not at any other level. No standard guarantees you that contents of such binaries are not accessible in any other way
Regards, Neale.
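An audit sketch for the point argued in this message, added here and not part of the original post: it lists setuid/setgid executables that some class of users may execute but not read, so an administrator can see which binaries on a system depend on missing read bits to keep their contents private. The function names and the default directory are assumptions.

```python
import os
import stat
import sys

SPECIAL = stat.S_ISUID | stat.S_ISGID


def classify(mode):
    """Return 'execute-only', 'readable', or None for an st_mode value."""
    # Only regular files that carry the setuid or setgid bit are of interest.
    if not stat.S_ISREG(mode) or not mode & SPECIAL:
        return None
    # Ignore privileged files that non-owners cannot run at all.
    if not mode & (stat.S_IXGRP | stat.S_IXOTH):
        return None
    # Execute granted without read, for "other" or for "group": the
    # --x--x--x pattern discussed in the thread.
    hidden_other = bool(mode & stat.S_IXOTH) and not mode & stat.S_IROTH
    hidden_group = bool(mode & stat.S_IXGRP) and not mode & stat.S_IRGRP
    return "execute-only" if (hidden_other or hidden_group) else "readable"


def audit(root):
    """Walk root and map each privileged executable to its verdict."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: never follow symlinks
            except OSError:
                continue  # vanished or unsearchable path; skip it
            verdict = classify(mode)
            if verdict:
                findings[path] = verdict
    return findings


if __name__ == "__main__":
    # Default directory is an assumption; pass another root as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    for path, verdict in sorted(audit(root).items()):
        if verdict == "execute-only":
            mode = stat.filemode(os.lstat(path).st_mode)
            print(f"{mode} {path}: secrecy rests on read bits alone")
```

A binary reported as execute-only should hold nothing (embedded keys, passwords) whose confidentiality matters, since the file mode only governs read() on the file itself.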