FW: poor permissions on ssh binary

David Terrell dbt at meat.net
Fri Jun 29 12:21:59 EST 2001


On Tue, Jun 19, 2001 at 10:14:17AM -0400, Loomis, Rip wrote:
> Advantages of 0711 perms:
> 1.  Doesn't allow non-privileged users to read
> 	the installed binaries (which could
> 	be used to run strings against them to
> 	find out compiled options, etc.)

unprivileged users can probably still do this by attaching to the
running process with a debugger, if they really want to know.  Or
through observing deterministic behavior.

> 2.  Doesn't allow non-privileged users to copy
> 	the installed binaries to other systems
> 	or locations (the copied binaries could
> 	then *potentially* be directly modified
> 	or trojaned--but this is highly unlikely
> 	in today's world).
> 3.  System administrators can still copy the
> 	installed binaries to other systems or
> 	locations.	

System administrators who like to su, you mean.

> Note that I don't think that those advantages
> are particularly amazing, and in fact any
> bad guy who wants to do something evil with
> OpenSSH would just start with the source.
> However, the binaries run just fine with the
> current permissions, and there's this important
> security concept called Least Privilege--which
> I'll explain in this case as "one shouldn't go
> around giving users or processes powers that
> they don't absolutely require, because one can't
> always predict future bugs and exposures."

As a system administrator, I like being able to do as little as
root as possible.  Being able to ship ssh binaries from one machine
to another without having to su just to get them is one way to
reduce that.

There's no security hole that I know of in making non-setuid or setuid
binaries readable.  If there are any, then those holes should be
fixed.

-- 
David Terrell            | "My question is, if a mime types, isn't 
dbt at meat.net             |  that kinda cheating?"
http://wwn.nebcorp.com/  |    - Jason Zych
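The thread above turns on what the mode bits 0711 and 0755 actually grant to an unprivileged user versus root. The following is an added example (not code from the original message, not part of OpenSSH) that models the classic Unix discretionary access check and applies it to both modes, and then to a real scratch file created with mode 0711. The uids and gids in it (1000, and "owner + 1") are constructed values for illustration.

```python
"""Model of the Unix discretionary access check, applied to the
0711-vs-0755 argument.  Added example; the subject uids/gids are constructed."""
import os
import stat
import tempfile

_BIT = {"r": 4, "w": 2, "x": 1}


def dac_allows(mode, file_uid, file_gid, uid, gids, want):
    """Return True if a process running as (uid, gids) gets 'want' access
    ("r", "w" or "x") to a regular file with st_mode bits `mode`, owner
    `file_uid` and group `file_gid`.

    Root (uid 0, i.e. CAP_DAC_OVERRIDE) bypasses the mode bits for read
    and write; for execute it still needs at least one x bit set, which is
    what the kernel does too.  Directories are not modelled here.
    """
    perm = stat.S_IMODE(mode)
    if uid == 0:
        if want == "x":
            return bool(perm & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
        return True
    # Classic rule: the first matching class (owner, then group, then other)
    # decides.  An owner with no owner bits is NOT promoted to "other".
    if uid == file_uid:
        bits = (perm >> 6) & 7
    elif file_gid in gids:
        bits = (perm >> 3) & 7
    else:
        bits = perm & 7
    return bool(bits & _BIT[want])


def access_summary(mode, uid, gids, file_uid=0, file_gid=0):
    """Map each of r/w/x to whether the subject gets it on the file."""
    return {w: dac_allows(mode, file_uid, file_gid, uid, gids, w) for w in "rwx"}


def compare_modes(uid=1000, gids=(1000,)):
    """What 0711 and 0755 grant to an unprivileged user and to root, for a
    root-owned, root-group file such as an installed ssh binary.
    Returns e.g. {"0o711": {"user": {...}, "root": {...}}, "0o755": {...}}."""
    return {
        oct(m): {
            "user": access_summary(m, uid, gids),
            "root": access_summary(m, 0, (0,)),
        }
        for m in (0o711, 0o755)
    }


def inspect_path(path, uid, gids):
    """Apply the model to a real file's owner, group and mode."""
    st = os.stat(path)
    return access_summary(st.st_mode, uid, gids, st.st_uid, st.st_gid)


def demo_on_tempfile():
    """Create a scratch file with mode 0711, as proposed in the thread, and
    report what a constructed uid that is neither the owner nor in the
    file's group could do with it.  The file is removed afterwards."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o711)
        st = os.stat(path)
        # Constructed subject: "owner + 1" / "group + 1" so it never matches
        # the owner or group class regardless of who runs this.
        return inspect_path(path, st.st_uid + 1, (st.st_gid + 1,))
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for mode, who in compare_modes().items():
        print(mode, "user:", who["user"], "root:", who["root"])
    print("0711 scratch file, non-owner:", demo_on_tempfile())
```

With 0711 the unprivileged subject gets `{"r": False, "w": False, "x": True}` and with 0755 it gets `{"r": True, "w": False, "x": True}`; root gets all three either way, which is the "su just to copy them" cost the message complains about. One caveat on the debugger route mentioned above: on current Linux kernels, `would_dump()` in fs/exec.c marks a process non-dumpable when the executing user could not read the binary (`BINPRM_FLAGS_ENFORCE_NONDUMP`), so the same unprivileged user is refused ptrace attach and `/proc/<pid>/mem` access to a process started from a 0711 binary. Observing its behaviour from outside is, of course, still possible.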