Re: Minor PTRACE security bug

pacman (pacman-kernel@cqc.com)
Tue, 15 Sep 1998 23:57:13 -0500 (EST)


David Feuer writes the following:
>What's so secret about this stuff? If you don't want anyone to know
>anything about the program, why do you let them run it? Alternatively,
>if you trust a user so little, why is he allowed on your system?

Just because you don't have enough imagination to conceive of a use for the
--x permission does not mean that it should not be correctly implemented by
the kernel.

Think of a network service that accepts a connection, requires a password,
then allows access to some commands. Now imagine that I, the holder of the
password, want to allow public access to one (and only one) of the commands.
So I write this:

/* The password is compiled into the binary; mode 711 is meant to let
   others run it without being able to read it. connect_to_service(),
   send_password() and do_command() stand for the service's client
   routines. */
int main(void)
{
    const char *mypassword = "seckrit";
    connect_to_service();
    send_password(mypassword);
    do_command("some safe command");
    return 0;
}

and I make it mode 711.

Yes, this is a stupid way to do things, but it should work, it follows from
the obvious interpretation of the permission bits, and it's not just
hypothetical -- it's called "pmwho", and people really use it (Though not
me).

Now, if we can all agree that --x is meaningful and should be supported,
let's get on with the discussion of what needs to be fixed. All of the
problems that have been mentioned so far could be fixed by the adoption of a
simple policy: treat the execve() of a non-readable program as equivalent
to the execve() of a setuid program. And they really are pretty much
equivalent in purpose.

This means disabling ptrace, and turning off the dumpable flag, and I don't
know offhand how ld-linux.so detects setuid for the purpose of ignoring LD_*,
but it should probably be tied to the dumpable flag.

-- 
Alan Curry
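
The following is an added example, not code from the original post or from pmwho. It approximates in user space the policy described above: needs_protection() decides whether an executable with a given mode would be treated like a setuid binary (it carries a setuid/setgid bit, or the caller may execute it but not read it), and harden_self() applies from inside a program the two protections the post lists, refusing ptrace attachment by unprivileged users and disabling core dumps, both of which the Linux kernel keys off the process "dumpable" flag. The helper names, the prctl()-based approach, and the constructed uid/gid/mode values are this example's own assumptions; the LD_* question is left aside.

```c
/* Added example: user-space model of "treat --x execs like setuid execs".
 * Helper names and sample values are this example's own, not pmwho's. */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Returns 1 if a binary with mode `mode`, owned by `file_uid`/`file_gid`,
 * should get setuid-style protection when run by `uid`/`gid`: either it
 * carries a setuid/setgid bit, or the caller may execute it but not read
 * it.  Only the user/group/other classes are modelled; root's DAC
 * override and supplementary groups are not. */
int needs_protection(mode_t mode, uid_t uid, gid_t gid,
                     uid_t file_uid, gid_t file_gid)
{
    mode_t rbit, xbit;

    if (mode & (S_ISUID | S_ISGID))
        return 1;

    if (uid == file_uid) {
        rbit = S_IRUSR; xbit = S_IXUSR;
    } else if (gid == file_gid) {
        rbit = S_IRGRP; xbit = S_IXGRP;
    } else {
        rbit = S_IROTH; xbit = S_IXOTH;
    }
    return (mode & xbit) && !(mode & rbit);
}

/* Same decision for a real file on disk, as seen by the calling process.
 * Returns -1 if the file cannot be stat()ed. */
int path_needs_protection(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;
    return needs_protection(st.st_mode, getuid(), getgid(),
                            st.st_uid, st.st_gid);
}

/* Mark the calling process non-dumpable.  The kernel then refuses ptrace
 * attachment from processes that are not root (or lack CAP_SYS_PTRACE)
 * and writes no core dump; this is what it already does on a setuid exec.
 * Returns the resulting dumpable value (0 on success) or -1 on error.
 * Call it before any secret is placed in memory. */
int harden_self(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

int main(void)
{
    int dumpable = harden_self();

    printf("dumpable after harden_self(): %d\n", dumpable);
    /* Constructed values: owner uid/gid 1000, caller uid/gid 1001 */
    printf("0711 run by a non-owner: %d\n",
           needs_protection(0711, 1001, 1001, 1000, 1000));
    printf("0755 run by a non-owner: %d\n",
           needs_protection(0755, 1001, 1001, 1000, 1000));
    return 0;
}
```

In a pmwho-style wrapper, harden_self() would be the first statement of main(), before the password is referenced; it protects against a same-uid debugger attaching and against the password landing in a core file, which is exactly the exposure the thread is about, but it is a per-program workaround rather than the kernel-side rule the post argues for.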

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/