Re: chmod 111

On Fri, 17 Mar 2006, Steven Rostedt wrote:
> 
> So I guess if you need to debug a system binary, you need it readable.
> But I guess that can also be a security problem, and having system
> binaries not readable, might make your system a little more secure.

NOTE! The kernel does not guarantee that you can't read execute-only 
binaries.

In particular, it's fairly easy to create a shared library that replaces a 
system library (LD_LIBRARY_PATH) and then just dumps out the binary image.

So anybody who thinks that 0111 permissions are somehow "more secure" than 
0755 is just setting himself up for disappointment.  You're much better 
off just having all binaries be 0755 and getting the security through 
other means.

Basically, you should think of the "executable" bit as a way to say "this 
file is appropriate for execve(), and btw, that does imply that we'll need 
to read it into memory too". You should _not_ depend on it for security, 
although dropping the readability bits will mean that certain -trivial- 
programs won't be able to read it.

For example, making a binary unreadable is a perfectly good way to stop a 
web browser or other interface from exporting it outside the machine: but 
it's not so much about security as about _accidental_ leaking. 

So from a security standpoint, you're much better off thinking "executable 
means readable", than lulling yourself into some false sense of security. 

			Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
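An audit helper in the spirit of the advice above (an added example, not code from this thread or from the kernel): it lists regular files that carry an execute bit but no read bit, the 0111-style modes Linus says buy nothing over 0755, and can reset them to 0755. It assumes GNU find (`-perm /mode`) and a POSIX shell; the file names in the demo are constructed.

```shell
#!/bin/sh
# List regular files under $1 whose mode has some execute bit set but no
# read bit at all (e.g. 0111, 0110, 0100). Exit status 0 if none found.
# -perm /111: any execute bit set; ! -perm /444: no read bit set (GNU find).
find_exec_only() {
    find "$1" -type f -perm /111 ! -perm /444 -print | sort
    # propagate "found something" as a non-zero status for scripting
    [ "$(find "$1" -type f -perm /111 ! -perm /444 -print | head -n 1)" = "" ]
}

# Number of execute-only files under $1, as a bare integer.
count_exec_only() {
    find_exec_only "$1" | wc -l | tr -d ' '
}

# Reset every execute-only file under $1 to 0755, the mode the thread
# recommends: readable by everyone, writable only by the owner.
fix_exec_only() {
    find "$1" -type f -perm /111 ! -perm /444 -exec chmod 0755 {} +
}

# Demonstration on constructed files in a scratch directory.
demo() {
    tmp=$(mktemp -d)
    printf '#!/bin/sh\necho hi\n' > "$tmp/exec-only";   chmod 0111 "$tmp/exec-only"
    printf '#!/bin/sh\necho hi\n' > "$tmp/normal";      chmod 0755 "$tmp/normal"
    printf 'data\n'               > "$tmp/not-exec";    chmod 0644 "$tmp/not-exec"
    echo "before fix: $(count_exec_only "$tmp") execute-only file(s)"
    find_exec_only "$tmp"
    fix_exec_only "$tmp"
    echo "after fix:  $(count_exec_only "$tmp") execute-only file(s)"
    rm -rf "$tmp"
}

demo
```

Because `-perm` inspects mode bits rather than calling access(2), the audit gives the same answer whether it is run as root or as an ordinary user.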
