Re: Unreadable binaries
Sorry. Wrong mail. ^^'

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Unreadable binaries
> I just saw this article about an effort to create Universal binary style ELF
> binaries for Linux, and I thought that this would be something to watch, so
> that Fedora could integrate both x86-32 and x86-64 into single DVD sets.

I don't suggest doing that. As already mentioned, that would double the size of the distro/iso. I would use this technique only if necessary.

About "fat-elf" in general: As long as it is optional, I am fine with it, be it at compile time or after compiling by stripping binaries. (I'd like to see both options.)
Re: Unreadable binaries
On Thu, Oct 22, 2009 at 09:59:00AM -0400, Stephen Smalley wrote:
> On Thu, 2009-10-22 at 09:48 -0400, Adam Jackson wrote:
> > On Thu, 2009-10-22 at 11:04 +0100, Richard W.M. Jones wrote:
> > > $ ll /usr/libexec/pt_chown
> > > -rws--x--x 1 root root 28418 2009-09-28 13:42 /usr/libexec/pt_chown
> > > $ ll /usr/bin/chsh
> > > -rws--x--x 1 root root 18072 2009-10-05 16:28 /usr/bin/chsh
> > >
> > > What is the purpose of making binaries like these unreadable?
> > >
> > > Originally I thought it was something to do with them being setuid,
> > > but there are counterexamples:
> > >
> > > $ ll /usr/bin/passwd
> > > -rwsr-xr-x 1 root root 25336 2009-09-14 13:14 /usr/bin/passwd
> >
> > Historically, the kernel considers read permission on a binary to be a
> > prerequisite for generating core dumps on fatal signal; which you
> > typically want to prevent, since that becomes a way to read /etc/shadow.
> >
> > Pretty sure that's still the case, which means any u+s binaries with
> > group/other read permission are bugs.
>
> dumpable flag gets cleared for suid/sgid binaries (as well as for
> non-readable binaries).

Stephen, what would be your advice if I asked for these binaries to become readable by non-root users?

[It's not crucial at the moment, however, just reduces the effectiveness of febootstrap a little]

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://et.redhat.com/~rjones/libguestfs/
See what it can do: http://et.redhat.com/~rjones/libguestfs/recipes.html
Re: Unreadable binaries
On Thu, 2009-10-22 at 09:48 -0400, Adam Jackson wrote:
> On Thu, 2009-10-22 at 11:04 +0100, Richard W.M. Jones wrote:
> > $ ll /usr/libexec/pt_chown
> > -rws--x--x 1 root root 28418 2009-09-28 13:42 /usr/libexec/pt_chown
> > $ ll /usr/bin/chsh
> > -rws--x--x 1 root root 18072 2009-10-05 16:28 /usr/bin/chsh
> >
> > What is the purpose of making binaries like these unreadable?
> >
> > Originally I thought it was something to do with them being setuid,
> > but there are counterexamples:
> >
> > $ ll /usr/bin/passwd
> > -rwsr-xr-x 1 root root 25336 2009-09-14 13:14 /usr/bin/passwd
>
> Historically, the kernel considers read permission on a binary to be a
> prerequisite for generating core dumps on fatal signal; which you
> typically want to prevent, since that becomes a way to read /etc/shadow.
>
> Pretty sure that's still the case, which means any u+s binaries with
> group/other read permission are bugs.

dumpable flag gets cleared for suid/sgid binaries (as well as for non-readable binaries).

--
Stephen Smalley
National Security Agency
Re: Unreadable binaries
On Thu, 2009-10-22 at 11:04 +0100, Richard W.M. Jones wrote:
> $ ll /usr/libexec/pt_chown
> -rws--x--x 1 root root 28418 2009-09-28 13:42 /usr/libexec/pt_chown
> $ ll /usr/bin/chsh
> -rws--x--x 1 root root 18072 2009-10-05 16:28 /usr/bin/chsh
>
> What is the purpose of making binaries like these unreadable?
>
> Originally I thought it was something to do with them being setuid,
> but there are counterexamples:
>
> $ ll /usr/bin/passwd
> -rwsr-xr-x 1 root root 25336 2009-09-14 13:14 /usr/bin/passwd

Historically, the kernel considers read permission on a binary to be a prerequisite for generating core dumps on fatal signal; which you typically want to prevent, since that becomes a way to read /etc/shadow.

Pretty sure that's still the case, which means any u+s binaries with group/other read permission are bugs.

- ajax
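Added example, not part of any message in this thread: a shell script that sorts set-id files by the property the replies above argue about, namely whether group or other can read the binary. It covers setgid as well as setuid; the function names are made up for this example, and the sample input is the three `ll` listings quoted in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# classify_ls MODESTRING: classify an `ls -l` mode string such as -rws--x--x.
# Position 4 holds the setuid bit and position 7 the setgid bit (s or S);
# positions 5 and 8 hold group-read and other-read.
classify_ls() {
    case $1 in
        ???[sS]*|??????[sS]*) ;;
        *) echo not-setid; return 0 ;;
    esac
    case $1 in
        ????r*|???????r*) echo setid-readable ;;
        *) echo setid-unreadable ;;
    esac
}

# audit_listing: read `ls -l` lines on stdin, print "<class> <path>".
# Limitation: the path is taken as the last space-separated field.
audit_listing() {
    while read -r perms rest; do
        [ -n "$perms" ] || continue
        printf '%s %s\n' "$(classify_ls "$perms")" "${rest##* }"
    done
}

# audit_tree DIR: same report for every set-id regular file under DIR.
audit_tree() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} + 2>/dev/null | audit_listing
}

# The three listings quoted in the thread.
sample_listing() {
    cat <<'EOF'
-rws--x--x 1 root root 28418 2009-09-28 13:42 /usr/libexec/pt_chown
-rws--x--x 1 root root 18072 2009-10-05 16:28 /usr/bin/chsh
-rwsr-xr-x 1 root root 25336 2009-09-14 13:14 /usr/bin/passwd
EOF
}

sample_listing | audit_listing
```

`audit_tree /usr` produces the same report for an installed system, which shows how many packages ship set-id binaries in each of the two states.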
Unreadable binaries
$ ll /usr/libexec/pt_chown
-rws--x--x 1 root root 28418 2009-09-28 13:42 /usr/libexec/pt_chown
$ ll /usr/bin/chsh
-rws--x--x 1 root root 18072 2009-10-05 16:28 /usr/bin/chsh

What is the purpose of making binaries like these unreadable?

Originally I thought it was something to do with them being setuid, but there are counterexamples:

$ ll /usr/bin/passwd
-rwsr-xr-x 1 root root 25336 2009-09-14 13:14 /usr/bin/passwd

Surely there is no possible secret in those binaries, since an attacker could just as easily download the binary RPMs on another machine in order to find out what is inside them.

There's a genuine reason for me asking about this. When we build the libguestfs supermin appliance[1] we would like to be able to read these binaries as non-root.

Rich.

[1] http://libguestfs.org/README.txt section "Supermin appliance"

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/