On 7/23/2020 7:44 AM, charlie derr wrote:
While it would still *technically* be security by obscurity, it would
seem to me that there's some value to this approach because access to
the compiled binary wouldn't necessarily be easy to obtain (especially
if the sysadmin provisioning the system takes extra efforts to *not*
share it with anyone). Or am i missing something?
I don't think there is much value because getting access isn't only done
by buffer overflows and such on compiled programs. If you can find one
then sure you might be able to get root access if the program you break
into is running at root. But you can do an awful lot of damage by
merely having unprivileged access. All you need is authentication
credentials and regular users are horrible about keeping
their credentials private.
In fact the only place I can see a whole lot of value to is the
manufacturers of cell phones since companies like Verizon lock the boot
loaders as they do not wish owners of their phones to root them and
get rid of annoying Verizon advertising and other suchlike. Rooting
those devices is mainly done by breaking into security holes on the phone.
Ted
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
