Re: Solaris Signals

[Frank v Waveren <fvw () var cx>]

On Wed, Feb 12, 2003 at 03:21:49AM +0000, Jon Masters wrote:
> We all know that old chestnut about tracing setuid programs or scripts,
> but what about non-setuid scripts which have been installed for users and
> given execute only permission. For example, a lot of sites provide scripts
> for users to run which perform some admin related function and thus have
> usernames or passwords within them - potentially free to users.

Making programs execute-only is no security for such things unless you
add a lot of weird-and-definately-not-wonderful special cases all over
the OS. Even if you stop programs from dumping core if
access(executable, R_OK), you can still do LD_PRELOAD/LD_LIBRARY tricks
and get access to the process' memory (or just log all library or system
calls which gets you all the interesting stuff too, usually), and with
a little creativity there's plenty of other ways to get around lack of
read rights. 

-- 
Frank v Waveren                                      Fingerprint: 21A7 C7F3
fvw@[var.cx|stack.nl|chello.nl] ICQ#10074100            1FF3 47FF 545C CB53
Public key: hkp://wwwkeys.pgp.net/fvw () var cx            7BD9 09C0 3AC1 6DF2