Re: chmod 111

From: Steven Rostedt
Date: Fri Mar 17 2006 - 13:24:17 EST

Next message: Sanjoy Mahajan: "Re: 2.6.16-rc5: known regressions [TP 600X S3, vanilla DSDT]"
Previous message: Phillip Susi: "Re: chmod 111"
In reply to: Nick Warne: "Re: chmod 111"
Next in thread: Linus Torvalds: "Re: chmod 111"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2006-03-17 at 18:11 +0000, Nick Warne wrote:
> On Friday 17 March 2006 18:07, Felipe Alfaro Solana wrote:
> > > I shouldn't be able to execute 'ls' as I can't read it, shouldn't it?
> >
> > Nop... you can execute binaries even if the read permission is not
> > granted. Note that I said "binaries". Shell script files need read and
> > execute permission, since they must be read by a shell interpreter in
> > order to get executed.
>
> Hi Felipe,
>
> First, apologies as this isn't kernel issue (but related, I suppose).
>
> Yes, I see now after much messing about. Why then are most binaries chmod
> 755? Who would need (why) to read a [system] binary?

Well, I guess you can't ptrace an executable that you can't read.

# cd /bin
# ls -l ls
-rwxr-xr-x 1 root root 80008 2006-03-02 15:08 ls
# chmod 711 ls
# ls -l ls
-rwx--x--x 1 root root 80008 2006-03-02 15:08 ls

$ cd /bin
$ ls -l ls
-rwx--x--x 1 root root 80008 2006-03-02 15:08 ls
$ gdb
GNU gdb 6.4-debian
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i486-linux-gnu".
(gdb) file /bin/ls
/bin/ls: Permission denied.
(gdb)

# chmod 755 ls

(gdb) file /bin/ls
Reading symbols from /bin/ls...(no debugging symbols found)...done.
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(gdb)

So I guess if you need to debug a system binary, you need it readable.
But I guess that can also be a security problem, and having system
binaries not readable, might make you system a little more secure.

-- Steve

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sanjoy Mahajan: "Re: 2.6.16-rc5: known regressions [TP 600X S3, vanilla DSDT]"
Previous message: Phillip Susi: "Re: chmod 111"
In reply to: Nick Warne: "Re: chmod 111"
Next in thread: Linus Torvalds: "Re: chmod 111"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]