On Fri, 02 Dec 2005 23:22:59 +0100 Morten Nilsen <[EMAIL PROTECTED]> babbled:
> Michael Jennings wrote:
> >> I agree that one should apply all security measures possible, but
> >> removing read permissions on stock binaries isn't one of them, IMHO.
> >> Be paranoid, but apply it with some reason :-)
> >
> > Being able to read an executable allows one to disassemble it. This
> > can make formulating attacks against it easier.
>
> while being an excellent argument with proprietary software, last I
> checked.. the source for most linux binaries is available on the interweb ;)

it's still harmless to do so - and as mej said. a good practice.

we have bigger problems in one respect that the security paranoid will have an suid root binary installed that any user on the system can use to speed up or slow down the cpu. we currently have NO way of limiting access for this to the "console user only" or certain sets of users (some users can log in via ssh/etc. only, others have console access). right now we are punting this off to package maintainers to set the group of the exe appropriately (some distributions have console groups) and the permissions based on their security policy. the default out-of-the-box security is good for workstations where the only people logging in are console users generally and you generally trust any users remote-logging in that they just won't play with this stuff and "be nice". yes we probably can do better :)

--
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler) [EMAIL PROTECTED]
裸好多
Tokyo, Japan (東京 日本)
_______________________________________________
enlightenment-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/enlightenment-users
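
The packaging decision described in the message above (who may run an suid root helper, and whether it is world-readable) can be checked from the file's mode, owner and group. This is an added example, not code from the thread or from the Enlightenment project; the function names, the `console` group name and the sample modes are constructed for illustration, and `audit_suid_file` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: classify who can run a setuid-root helper, from its mode.
# classify_suid MODE OWNER GROUP  (MODE is octal, e.g. 4755)
classify_suid() {
    m=$((0$1)); owner=$2; group=$3   # leading 0 makes the shell read octal

    # Only setuid files owned by root run with root privileges.
    if [ $((m & 04000)) -eq 0 ] || [ "$owner" != root ]; then
        echo "not-suid-root"; return 0
    fi
    # A setuid-root file that group or other can modify is the worst case.
    if [ $((m & 0022)) -ne 0 ]; then
        echo "writable-by-non-owner"; return 0
    fi
    # Execute bits decide which users can invoke the helper.
    if [ $((m & 0001)) -ne 0 ]; then
        who="any-user"
    elif [ $((m & 0010)) -ne 0 ]; then
        who="group-only:$group"
    else
        who="owner-only"
    fi
    # The read bit for "other" is the point debated earlier in the thread.
    if [ $((m & 0004)) -ne 0 ]; then
        echo "$who world-readable"
    else
        echo "$who not-world-readable"
    fi
}

# audit_suid_file PATH: same check on a real file (assumes GNU stat).
audit_suid_file() {
    set -- $(stat -c '%a %U %G' -- "$1") || return 1
    classify_suid "$1" "$2" "$3"
}

# Constructed sample values: a default install versus a group-restricted one.
classify_suid 4755 root root       # runnable by every local or remote user
classify_suid 4750 root console    # runnable only by the "console" group
```
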
