Bugtraq mailing list archives

Re: Wiping out setuid programs


From: niall () POBOX COM (Niall Smart)
Date: Tue, 12 Jan 1999 17:03:22 +0000



I thought this one was laid to rest last year in the "Dump a mode
--x--x--x binary on Linux 2.0.x" thread, wherein Martin Mares summarised:

Semantics of unreadable files is well-defined at file level (i.e.,
it's defined you cannot read() them), but not at any other level. No
standard guarantees you that contents of such binaries are not
accessible in any other way

For the record, the same caveat applies to the semantics of the immutable
file flag, i.e. files with the immutable and executable file flags do not
lead to immutable processes.  For more see:

        http://www.pobox.com/~niall/adv/seclvl.txt

Regards,

Niall


