lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070621162917.GB9741@cip.informatik.uni-erlangen.de>
Date:	Thu, 21 Jun 2007 18:29:17 +0200
From:	Alexander Wuerstlein <arw@....name>
To:	Adrian Bunk <bunk@...sta.de>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] signed binaries support [0/4]

On 070621 18:19, Adrian Bunk <bunk@...sta.de> wrote:
> On Thu, Jun 21, 2007 at 05:55:16PM +0200, Johannes Schlumberger wrote:
> 
> > Hi,
> 
> Hi Johannes,
> 
> > We (two students of CS) built a system for signing binaries and verifying them
> > before executing. Our main focus was to implement a way to inhibit execution
> > of suid-binaries, which are not trustworthy (i.e. not signed).
> >...
> 
> doesn't anyone who is able to install a not trustworthy suid-binary 
> already have the priviliges to do anything he wants to without requiring 
> an suid bit?

Yes, quite correct in most cases. But if you have taken control of a computer
on of the more common ways to keep the control for some time is the
installation of a suid-binary (e.g. as part of a rootkit). 

One could also imagine a scenario where an attacker controls some filesystems
(on external storage perhaps) where he can of course manipulate the suid bit,
but he does not have direct control over the attacked system unless he can
execute that file.



Ciao,

Alexander Wuerstlein.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ