Re: Unreadable binaries
I just saw this article about an effort to create Universal binary style ELF binaries for Linux, and I thought that this would be something to watch, so that Fedora could integrate both x86-32 and x86-64 into single DVD sets. I don't suggest to do that. As already mentioned, that would double the size of the distro/iso. I would use this technic only, if neccessary. About fat-elf in general: As long as it is optional, I am fine with it. May it at compile time or after compiling by stripping binaries. (I'd like to see both options.) -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Unreadable binaries
Sorry. Wrong mail. ^^' -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Unreadable binaries
On Thu, 2009-10-22 at 09:48 -0400, Adam Jackson wrote: On Thu, 2009-10-22 at 11:04 +0100, Richard W.M. Jones wrote: $ ll /usr/libexec/pt_chown -rws--x--x 1 root root 28418 2009-09-28 13:42 /usr/libexec/pt_chown $ ll /usr/bin/chsh -rws--x--x 1 root root 18072 2009-10-05 16:28 /usr/bin/chsh What is the purpose of making binaries like these unreadable? Originally I thought it was something to do with them being setuid, but there are counterexamples: $ ll /usr/bin/passwd -rwsr-xr-x 1 root root 25336 2009-09-14 13:14 /usr/bin/passwd Historically, the kernel considers read permission on a binary to be a prerequisite for generating core dumps on fatal signal; which you typically want to prevent, since that becomes a way to read /etc/shadow. Pretty sure that's still the case, which means any u+s binaries with group/other read permission are bugs. dumpable flag gets cleared for suid/sgid binaries (as well as for non-readable binaries). -- Stephen Smalley National Security Agency -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Unreadable binaries
On Thu, Oct 22, 2009 at 09:59:00AM -0400, Stephen Smalley wrote: On Thu, 2009-10-22 at 09:48 -0400, Adam Jackson wrote: On Thu, 2009-10-22 at 11:04 +0100, Richard W.M. Jones wrote: $ ll /usr/libexec/pt_chown -rws--x--x 1 root root 28418 2009-09-28 13:42 /usr/libexec/pt_chown $ ll /usr/bin/chsh -rws--x--x 1 root root 18072 2009-10-05 16:28 /usr/bin/chsh What is the purpose of making binaries like these unreadable? Originally I thought it was something to do with them being setuid, but there are counterexamples: $ ll /usr/bin/passwd -rwsr-xr-x 1 root root 25336 2009-09-14 13:14 /usr/bin/passwd Historically, the kernel considers read permission on a binary to be a prerequisite for generating core dumps on fatal signal; which you typically want to prevent, since that becomes a way to read /etc/shadow. Pretty sure that's still the case, which means any u+s binaries with group/other read permission are bugs. dumpable flag gets cleared for suid/sgid binaries (as well as for non-readable binaries). Stephen, what would be your advice if I asked for these binaries to become readable by non-root users? [It's not crucial at the moment, however, just reduces the effectiveness of febootstrap a little] Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://et.redhat.com/~rjones/libguestfs/ See what it can do: http://et.redhat.com/~rjones/libguestfs/recipes.html -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
