Re: chmod 111
From: Jan Engelhardt
Date: Fri Mar 17 2006 - 16:42:58 EST
>> > So I guess if you need to debug a system binary, you need it readable.
>> > But I guess that can also be a security problem, and having system
>> > binaries not readable, might make you system a little more secure.
>>
>> NOTE! The kernel does not guarantee that you can't read execute-only
>> binaries.
>>
[..]
>> off just having all binaries be 0755 and getting the security through
>> other means.
>>
>> Basically, you should think of the "executable" bit as a way to say "this
>> file is appropriate for execve(), and btw, that does imply that we'll need
>> to read it into memory too". You should _not_ depend on it for security,
>> although dropping the readability bits will mean that certain -trivial-
>> programs won't be able to read it.
>>
>Yep, I agree whole heartily. I should have stressed the "little" part
>in the above quote. "might make your system a __little__ more secure.".
-rws--x--x 1 root root 1847788 Sep 16 14:58 /usr/X11R6/bin/Xorg
I never could figure out what this permission mask was good for.
Jan Engelhardt
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/