Re: Interesting suid problem

From: Owen Taylor <otaylor redhat com>
To: Valdis Kletnieks vt edu
Cc: Vincent Arkesteijn <v j arkesteijn utwente nl>, gtk-list gnome org
Subject: Re: Interesting suid problem
Date: Sat, 23 Feb 2002 09:39:47 -0500 (EST)

Valdis Kletnieks vt edu writes:

> On Thu, 21 Feb 2002 22:30:54 +0100, Vincent Arkesteijn <v j arkesteijn utwente nl>  said:
> 
> > Why? Just put the password in the program, and give your users
> > execute permission, but no read permission on the program. It
> > may not be too elegant, and it's a bit clumsy when you want to
> > change the password, but it's the simplest solution.
> 
> Still vulnerable to attack via gdb/dbx or ptrace(), but that's a
> question of whether your threat model includes somebody both that
> determined and skilled...

You can't gdb/ptrace a non-readable executable on most operating systems.

Regards,
                                        Owen

References:
- Interesting suid problem
  - From: Jeff Shipman - SysProg
- Re: Interesting suid problem
  - From: Vincent Arkesteijn
- Re: Interesting suid problem
  - From: Valdis . Kletnieks

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]