Re: Interesting suid problem
- From: Owen Taylor <otaylor redhat com>
- To: Valdis Kletnieks vt edu
- Cc: Vincent Arkesteijn <v j arkesteijn utwente nl>, gtk-list gnome org
- Subject: Re: Interesting suid problem
- Date: Sat, 23 Feb 2002 09:39:47 -0500 (EST)
Valdis Kletnieks vt edu writes:
> On Thu, 21 Feb 2002 22:30:54 +0100, Vincent Arkesteijn <v j arkesteijn utwente nl> said:
>
> > Why? Just put the password in the program, and give your users
> > execute permission, but no read permission on the program. It
> > may not be too elegant, and it's a bit clumsy when you want to
> > change the password, but it's the simplest solution.
>
> Still vulnerable to attack via gdb/dbx or ptrace(), but that's a
> question of whether your threat model includes somebody both that
> determined and skilled...
You can't gdb/ptrace a non-readable executable on most operating systems.
Regards,
Owen
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]