2.5.2p2 ssh-keyscan installed group writable?

Phil Pennock Phil.Pennock at globnix.org
Wed Mar 28 09:23:25 EST 2001


On 2001-03-27 at 08:42 -0500, Christopher Linn gifted us with:
> it is common practice to deny readability to suid binaries, and this
> results in no loss of functionality.  i *think* this is so users 
> cannot copy and analyze the binary for e.g. buffer overruns
> and the like.

IIRC, there are some hideously broken Unices where you can trace
processes if you can read the executable, even if it's setuid.
I think that exec*() would _only_ drop tracing if you didn't have
read permission on the executed binary.

At least, this was the argument used some years back, back when I was
but a grasshopper.
-- 
Science without religion is lame; religion without science is blind.
 -- Albert Einstein, Reader's Digest, Nov. 1973


