Re: chmod 111

From: Steven Rostedt
Date: Fri Mar 17 2006 - 13:52:52 EST


On Fri, 2006-03-17 at 10:43 -0800, Linus Torvalds wrote:
>
> On Fri, 17 Mar 2006, Steven Rostedt wrote:
> >
> > So I guess if you need to debug a system binary, you need it readable.
> > But I guess that can also be a security problem, and having system
> > binaries not readable, might make you system a little more secure.
>
> NOTE! The kernel does not guarantee that you can't read execute-only
> binaries.
>
> In particular, it's fairly easy to create a shared library that replaces a
> system library (LD_LIBRARY_PATH) and then just dumps out the binary image.
>
> So anybody who thinks that 0111 permissions are somehow "more secure" than
> 0755 is just setting himself up for disappointment. You're much better
> off just having all binaries be 0755 and getting the security through
> other means.
>
> Basically, you should think of the "executable" bit as a way to say "this
> file is appropriate for execve(), and btw, that does imply that we'll need
> to read it into memory too". You should _not_ depend on it for security,
> although dropping the readability bits will mean that certain -trivial-
> programs won't be able to read it.
>
> For example, making a binary unreadable is a perfectly good way to stop a
> web browser or other interface from exporting it outside the machine: but
> it's not so much about security as about _accidental_ leaking.
>
> So from a security standpoint, you're much better off thinking "executable
> means readable", than lulling yourself into some false sense of security.

Yep, I agree whole heartily. I should have stressed the "little" part
in the above quote. "might make your system a __little__ more secure.".
I didn't want to get into the details that you described, but you are
entirely right. I just wanted to note that it does stop someone at some
level. But it's more of an annoyance to someone with a little more
experience in hacking into a computer.

But since it does stop some amateur's does give it some weight to
actually do it. But it is far from actually protecting yourself from a
more devious cracker.

But thanks for the critical disclaimer.

-- Steve


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/