Date: Fri, 17 Mar 2006 22:44:31 +0100 (MET)
From: Jan Engelhardt
To: Steven Rostedt
Cc: Linus Torvalds, Nick Warne, Felipe Alfaro Solana, linux-kernel@vger.kernel.org
Subject: Re: chmod 111

>> > So I guess if you need to debug a system binary, you need it readable.
>> > But I guess that can also be a security problem, and having system
>> > binaries not readable, might make your system a little more secure.
>>
>> NOTE! The kernel does not guarantee that you can't read execute-only
>> binaries.
>> [..]
>> off just having all binaries be 0755 and getting the security through
>> other means.
>>
>> Basically, you should think of the "executable" bit as a way to say "this
>> file is appropriate for execve(), and btw, that does imply that we'll need
>> to read it into memory too". You should _not_ depend on it for security,
>> although dropping the readability bits will mean that certain -trivial-
>> programs won't be able to read it.
>>
>Yep, I agree wholeheartedly. I should have stressed the "little" part
>in the above quote.
>"might make your system a __little__ more secure.".

-rws--x--x 1 root root 1847788 Sep 16 14:58 /usr/X11R6/bin/Xorg

I never could figure out what this permission mask was good for.

Jan Engelhardt