Re: can i modify ls

From: Richard B. Johnson
Date: Tue Feb 24 2004 - 13:48:00 EST

Next message: David S. Miller: "Re: network / performance problems"
Previous message: Ron Peterson: "Re: network / performance problems"
In reply to: Tomas Szepe: "Re: can i modify ls"
Next in thread: Denis Vlasenko: "Re: can i modify ls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 24 Feb 2004, Tomas Szepe wrote:

> On Feb-24 2004, Tue, 11:44 -0500
> Richard B. Johnson <root@xxxxxxxxxxxxxxxxxx> wrote:
>
> > On Tue, 24 Feb 2004, Tomas Szepe wrote:
> >
> > > On Feb-24 2004, Tue, 15:55 +0000
> > > Alessandro Salvatori <a.salvatori@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> > >
> > > > it's quite interesting...
> > >
> > > Actually, it's not.
> > >
> > > 1) The presence/absence of the read permission on a directory determines
> > > whether the user will be able to list the directory's contents.
> > >
> > > 2) The fs permission model is enforced by the kernel. Trying to impose
> > > additional restrictions in userspace is fragile, futile and
> > > an incredibly stupid idea.
> >
> > If you don't have any programming tools and no access to any (like
> > a banking or restrictive office environment), and there is no
> > way to get any external executable files to run, i.e., no floppy
> > or no shell that could possibly access one, then writing a minimal
> > 'ls' program that allows the clerk to see what's in her directory
> > might be useful.
>
> So what is it exactly that prevents the admin from running /bin/chmod
> in the setup you're describing?

No such program. FYI, there are lots of systems where the root file-system
has a very limited set of tools, sometimes it's on NFS. The machine needs
to be booted with a different root for maintenance. This is even
commonplace for store cash-register, and resturant menu setups
where there is a "server" in the back room that needs to be restarted
in a maintenance mode, been that way since DOS 3.0. A system is
secure if (1) there are no tools available to harm it, and (2) if
the box that contains additional tools is (physically) locked up.

Cheers,
Dick Johnson
Penguin : Linux version 2.4.24 on an i686 machine (797.90 BogoMips).
Note 96.31% of all statistics are fiction.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David S. Miller: "Re: network / performance problems"
Previous message: Ron Peterson: "Re: network / performance problems"
In reply to: Tomas Szepe: "Re: can i modify ls"
Next in thread: Denis Vlasenko: "Re: can i modify ls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]