On Thu, Jun 21, 2007 at 06:29:17PM +0200, Alexander Wuerstlein wrote:
> On 070621 18:19, Adrian Bunk <[EMAIL PROTECTED]> wrote:
> > On Thu, Jun 21, 2007 at 05:55:16PM +0200, Johannes Schlumberger wrote:
> >
> > > Hi,
> >
> > Hi Johannes,
> >
> > > We (two students of CS) built a system for signing binaries and verifying
> > > them
> > > before executing. Our main focus was to implement a way to inhibit
> > > execution
> > > of suid-binaries, which are not trustworthy (i.e. not signed).
> > >...
> >
> > doesn't anyone who is able to install a not trustworthy suid-binary
> > already have the priviliges to do anything he wants to without requiring
> > an suid bit?
>
> Yes, quite correct in most cases. But if you have taken control of a computer
> on of the more common ways to keep the control for some time is the
> installation of a suid-binary (e.g. as part of a rootkit).
There are so many ways for manipulating a computer that controlling
setuid binaries hardly brings a real security gain.
> One could also imagine a scenario where an attacker controls some filesystems
> (on external storage perhaps) where he can of course manipulate the suid bit,
> but he does not have direct control over the attacked system unless he can
> execute that file.
And unless the filesystem is mounted without nosuid...
> Ciao,
>
> Alexander Wuerstlein.
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
