Re: SUID program removal
From: Jason Giglio (jgiglio@smythco.com)Date: 10/22/01
- Previous message: Skip Carter: "Re: Chrooting Openssh"
- In reply to: Seth Arnold: "Re: SUID program removal"
- Next in thread: Johannes B. Ullrich: "Re: SUID program removal"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 22 Oct 2001 14:26:25 -0400 From: Jason Giglio <jgiglio@smythco.com> To: Seth Arnold <sarnold@wirex.com>, focus-linux@securityfocus.com Subject: Re: SUID program removal Message-Id: <20011022142625.276d0806.jgiglio@smythco.com>
Seth Wrote:
> > What's the point of 511 rather than 500?
>
> Sometimes, one wants standard users to be able to execute the setuid
> programs. Afterall, if one didn't want anyone but root to run the
> program, it doesn't really need the setuid bit anyway, does it? :)
Just to end this part of this thread, the reason I asked that was I was under the erroneous impression that one could not execute what one could not read.
It is somewhat true with #! scripts, but Charles Clancy showed me how that can be done also, using setuid bits, and Paul Timmins pointed out that kernel run binaries don't ever need the read bit set to be able to execute.
Now I just need to hunt down the authors of the book where I read the gross oversimplification that lead me to this belief. Kochan and Wood, I'm looking for you! :)
--Jason
- Previous message: Skip Carter: "Re: Chrooting Openssh"
- In reply to: Seth Arnold: "Re: SUID program removal"
- Next in thread: Johannes B. Ullrich: "Re: SUID program removal"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
