Unreadable binaries

Stephen Smalley sds at tycho.nsa.gov
Thu Oct 22 13:59:00 UTC 2009


On Thu, 2009-10-22 at 09:48 -0400, Adam Jackson wrote:
> On Thu, 2009-10-22 at 11:04 +0100, Richard W.M. Jones wrote:
> > $ ll /usr/libexec/pt_chown 
> > -rws--x--x 1 root root 28418 2009-09-28 13:42 /usr/libexec/pt_chown
> > $ ll /usr/bin/chsh 
> > -rws--x--x 1 root root 18072 2009-10-05 16:28 /usr/bin/chsh
> > 
> > What is the purpose of making binaries like these unreadable?
> > 
> > Originally I thought it was something to do with them being setuid,
> > but there are counterexamples:
> > 
> > $ ll /usr/bin/passwd 
> > -rwsr-xr-x 1 root root 25336 2009-09-14 13:14 /usr/bin/passwd
> 
> Historically, the kernel considers read permission on a binary to be a
> prerequisite for generating core dumps on fatal signal; which you
> typically want to prevent, since that becomes a way to read /etc/shadow.
> 
> Pretty sure that's still the case, which means any u+s binaries with
> group/other read permission are bugs.

dumpable flag gets cleared for suid/sgid binaries (as well as for
non-readable binaries).

-- 
Stephen Smalley
National Security Agency
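
The rule stated in the reply above, applied to the three `ls -l` listings quoted in the thread, as an added example (not code from the thread or from Fedora). The function names are hypothetical, and the caller is assumed to be an unprivileged user who is neither the file's owner nor in its group, so only the "other" read bit decides readability.

```python
import stat

# Mode strings and paths copied from the listings quoted in the thread.
THREAD_LISTINGS = [
    ("-rws--x--x", "/usr/libexec/pt_chown"),
    ("-rws--x--x", "/usr/bin/chsh"),
    ("-rwsr-xr-x", "/usr/bin/passwd"),
]

PERM_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
             stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
             stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
# Position in the string -> (letter ls uses, special bit it stands for).
SPECIAL = {3: ("s", stat.S_ISUID), 6: ("s", stat.S_ISGID), 9: ("t", stat.S_ISVTX)}

def parse_ls_mode(text):
    """Convert a 10-character ls -l mode string for a regular file to mode bits."""
    if len(text) != 10 or text[0] != "-":
        raise ValueError("expected a regular-file mode string: %r" % text)
    mode = stat.S_IFREG
    for pos, bit in enumerate(PERM_BITS, start=1):
        ch = text[pos]
        if pos in SPECIAL and ch.lower() == SPECIAL[pos][0]:
            mode |= SPECIAL[pos][1]
            if ch.islower():          # lowercase s/t: execute bit is set too
                mode |= bit
        elif ch == "rwx"[(pos - 1) % 3]:
            mode |= bit
        elif ch != "-":
            raise ValueError("unexpected %r at position %d" % (ch, pos))
    return mode

def nondump_reasons(mode):
    """Conditions from the reply under which the dumpable flag is cleared."""
    reasons = []
    if mode & (stat.S_ISUID | stat.S_ISGID):
        reasons.append("suid/sgid")
    if not mode & stat.S_IROTH:       # assumption: caller falls under "other"
        reasons.append("non-readable")
    return reasons

def audit(listings):
    """Map each path to the reasons its process would be marked non-dumpable."""
    return {path: nondump_reasons(parse_ls_mode(m)) for m, path in listings}

if __name__ == "__main__":
    for path, reasons in audit(THREAD_LISTINGS).items():
        print(path, "->", ", ".join(reasons) or "dumpable")
```
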



