On 7/23/07, Bernd Petrovitsch <bernd@xxxxxxxxx> wrote:
On Mon, 2007-07-23 at 10:19 +0530, pradeep singh wrote:
> On 7/21/07, Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx> wrote:
> > Hi...
> >
> > > [root@jaspion tmp]# su jorge
> > > [jorge@jaspion tmp]$ ./prog
> > > bash: ./prog: Permission Deny
> > > [jorge@jaspion tmp]$ ls -la prog
> > > -rwxr--r-- 1 root root 6648 2007-07-21 11:21 prog
> > > [jorge@jaspion tmp]$ /lib/ld-linux.so.2 ./prog
> > > huhu! o/
> > > [jorge@jaspion tmp]$
> > >
> > > it's bug? or the "ld-linux" read the elf and execute? so, dynamic
> > > linker/loader?
> > That's correct behaviour. AFAIK, ld-linux.so could sometimes works as
> > loader (as we all know), but it can be invoked as executable. In the
> > latter case, you provide an ELF executable and it will run it.
> > Summary: to make a binary un-executable for certain uid, you can't
> > just do it by taking off its executable permission bits, but also
> > takes the same bits from ld-linux.so.
> But it is kind of lame , isn't it?
Not really. As long as you can read it, you can also copy it over to a
new file, change the permissions on that file and execute it anyways. So
why bother?
> I mean you get access to ld.so and bang you can execute a binary
> though you were not supposed to :-/.
See above - then you have to take the read permission also away.
aah... there you are.
Got it :-).
thanks for flushing the junk out.
--psr
> I guess thats just not justified. But may be *nixs have all inherited
> the KISS thing and may be this is why it is simple though it may be a
> little compromising fact.
Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
--
play the game
--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ
