Re: chmod 111

On Fri, 2006-03-17 at 10:43 -0800, Linus Torvalds wrote:
> 
> On Fri, 17 Mar 2006, Steven Rostedt wrote:
> > 
> > So I guess if you need to debug a system binary, you need it readable.
> > But I guess that can also be a security problem, and having system
> > binaries not readable, might make you system a little more secure.
> 
> NOTE! The kernel does not guarantee that you can't read execute-only 
> binaries.
> 
> In particular, it's fairly easy to create a shared library that replaces a 
> system library (LD_LIBRARY_PATH) and then just dumps out the binary image.
> 
> So anybody who thinks that 0111 permissions are somehow "more secure" than 
> 0755 is just setting himself up for disappointment.  You're much better 
> off just having all binaries be 0755 and getting the security through 
> other means.
> 
> Basically, you should think of the "executable" bit as a way to say "this 
> file is appropriate for execve(), and btw, that does imply that we'll need 
> to read it into memory too". You should _not_ depend on it for security, 
> although dropping the readability bits will mean that certain -trivial- 
> programs won't be able to read it.
> 
> For example, making a binary unreadable is a perfectly good way to stop a 
> web browser or other interface from exporting it outside the machine: but 
> it's not so much about security as about _accidental_ leaking. 
> 
> So from a security standpoint, you're much better off thinking "executable 
> means readable", than lulling yourself into some false sense of security. 

Yep, I agree whole heartily.  I should have stressed the "little" part
in the above quote. "might make your system a __little__ more secure.".
I didn't want to get into the details that you described, but you are
entirely right.  I just wanted to note that it does stop someone at some
level. But it's more of an annoyance to someone with a little more
experience in hacking into a computer.

But since it does stop some amateur's does give it some weight to
actually do it.  But it is far from actually protecting yourself from a
more devious cracker.

But thanks for the critical disclaimer.

-- Steve


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: chmod 111
    • From: Jan Engelhardt <[email protected]>

• References:
  • chmod 111
    • From: Nick Warne <[email protected]>
  • Re: chmod 111
    • From: Nick Warne <[email protected]>
  • Re: chmod 111
    • From: Steven Rostedt <[email protected]>
  • Re: chmod 111
    • From: Linus Torvalds <[email protected]>

• Prev by Date: Re: [RFC] Proposed manpage additions for ptrace(2)
• Next by Date: Re: uml build problem 2.6.15.6/2.6.16rc6
• Previous by thread: Re: chmod 111
• Next by thread: Re: chmod 111
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]