Re: chmod 111

[Linus Torvalds]

On Fri, 17 Mar 2006, Steven Rostedt wrote:
> 
> So I guess if you need to debug a system binary, you need it readable.
> But I guess that can also be a security problem, and having system
> binaries not readable, might make you system a little more secure.

NOTE! The kernel does not guarantee that you can't read execute-only 
binaries.

In particular, it's fairly easy to create a shared library that replaces a 
system library (LD_LIBRARY_PATH) and then just dumps out the binary image.

So anybody who thinks that 0111 permissions are somehow "more secure" than 
0755 is just setting himself up for disappointment.  You're much better 
off just having all binaries be 0755 and getting the security through 
other means.

Basically, you should think of the "executable" bit as a way to say "this 
file is appropriate for execve(), and btw, that does imply that we'll need 
to read it into memory too". You should _not_ depend on it for security, 
although dropping the readability bits will mean that certain -trivial- 
programs won't be able to read it.

For example, making a binary unreadable is a perfectly good way to stop a 
web browser or other interface from exporting it outside the machine: but 
it's not so much about security as about _accidental_ leaking. 

So from a security standpoint, you're much better off thinking "executable 
means readable", than lulling yourself into some false sense of security. 

			Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/