From owner-freebsd-security  Fri Aug 28 22:44:00 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA14658
          for freebsd-security-outgoing; Fri, 28 Aug 1998 22:44:00 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA14650
          for <security@FreeBSD.ORG>; Fri, 28 Aug 1998 22:43:56 -0700 (PDT)
          (envelope-from jkb@best.com)
Received: from localhost (jkb@localhost)
	by shell6.ba.best.com (8.9.0/8.9.0/best.sh) with SMTP id WAA20086;
	Fri, 28 Aug 1998 22:42:53 -0700 (PDT)
X-Authentication-Warning: shell6.ba.best.com: jkb owned process doing -bs
Date: Fri, 28 Aug 1998 22:42:52 -0700 (PDT)
From: "Jan B. Koum " <jkb@best.com>
X-Sender: jkb@shell6.ba.best.com
To: scex <scex@dqc.org>
cc: "Jeffrey J. Mountin" <jeff-ml@mountin.net>, security@FreeBSD.ORG
Subject: Re: Shell history 
In-Reply-To: <Pine.BSF.4.02.9808282218130.29890-100000@dqc.org>
Message-ID: <Pine.BSF.4.02A.9808282239160.19658-100000@shell6.ba.best.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Fri, 28 Aug 1998, scex wrote:

>> >>	Once can just "cp" the executable.
>
>> >But in order to 'cp' you must be able to read.
>
>> >Why have more permissions than needed?
>
>> 	Uhm.. I don't have to read. If I want to execute something and it
>> is in my path, I just "cp `which vi` ./..." and then "./..."
>
>> 	Taking away read permissions from directories such as /bin, /sbin
>> and etc. is just security through obscurity IMHO unless you are doing some
>> other things such as trusted path execution, chroot'ed environment, etc.
>
>[scex@twist] [~]$ cd bin
>[scex@twist] [bin]$ ll bash
>-rwx------  1 scex  users  - 389120 Aug 20 03:31 bash*
>[scex@twist] [bin]$ chmod 711 bash
>[scex@twist] [bin]$ ll bash
>-rwx--x--x  1 scex users   - 389120 Aug 20 03:31 bash*
>[scex@twist] [bin]$ su nobody
>Password:
>[nobody@twist] [bin]$ cp bash /tmp/...
>cp: bash: permission denied
>
>no-one's talking about taking away read permissions from directories
>(although that also has its applications); you have to have read
>permission on a file to be able to copy it (unless you fancy mucking
>around in /proc & streams).
>
>scex
>
>
	Hmm.. you are right, but what will stop an attacker who has
freebsd box or has access to one to download the binary?

-- Yan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message