On Wed, Feb 12, 2003 at 03:21:49AM +0000, Jon Masters wrote: > We all know that old chestnut about tracing setuid programs or scripts, > but what about non-setuid scripts which have been installed for users and > given execute only permission. For example, a lot of sites provide scripts > for users to run which perform some admin related function and thus have > usernames or passwords within them - potentially free to users. Making programs execute-only is no security for such things unless you add a lot of weird-and-definately-not-wonderful special cases all over the OS. Even if you stop programs from dumping core if access(executable, R_OK), you can still do LD_PRELOAD/LD_LIBRARY tricks and get access to the process' memory (or just log all library or system calls which gets you all the interesting stuff too, usually), and with a little creativity there's plenty of other ways to get around lack of read rights. -- Frank v Waveren Fingerprint: 21A7 C7F3 fvw@[var.cx|stack.nl|chello.nl] ICQ#10074100 1FF3 47FF 545C CB53 Public key: hkp://wwwkeys.pgp.net/fvw@var.cx 7BD9 09C0 3AC1 6DF2
