Re: chmod 111

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>> > So I guess if you need to debug a system binary, you need it readable.
>> > But I guess that can also be a security problem, and having system
>> > binaries not readable, might make you system a little more secure.
>> 
>> NOTE! The kernel does not guarantee that you can't read execute-only 
>> binaries.
>> 
[..]
>> off just having all binaries be 0755 and getting the security through 
>> other means.
>> 
>> Basically, you should think of the "executable" bit as a way to say "this 
>> file is appropriate for execve(), and btw, that does imply that we'll need 
>> to read it into memory too". You should _not_ depend on it for security, 
>> although dropping the readability bits will mean that certain -trivial- 
>> programs won't be able to read it.
>> 
>Yep, I agree whole heartily.  I should have stressed the "little" part
>in the above quote. "might make your system a __little__ more secure.".

-rws--x--x  1 root root 1847788 Sep 16 14:58 /usr/X11R6/bin/Xorg

I never could figure out what this permission mask was good for.



Jan Engelhardt
-- 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux