2.5.2p2 ssh-keyscan installed group writable?

Loomis, Rip GILBERT.R.LOOMIS at saic.com
Thu Mar 29 03:09:24 EST 2001


Rachit--
Agreed in part.  The binary shouldn't have been
so poorly written...but making the binary non-
readable by regular users is in this case part
of "defense in depth".

Security by obscurity should not be depended on,
since it has been and will continue to be a weak
security measure.  In this case, however, it
would have helped the overall security of the
system.

Bottom line--almost any system is going to be
more secure with a "default deny" policy than
a "default allow" policy...and this is a simple
change which doesn't break anything.

Rip Loomis		Voice Number: (410) 953-6874
--------------------------------------------------------
Senior Security Engineer
Center for Information Security Technology
Science Applications International Corporation
http://www.cist.saic.com

 

> -----Original Message-----
> From: Rachit Siamwalla [mailto:rachit at ensim.com]
> Sent: Tuesday, March 27, 2001 6:55 PM
> To: Loomis, Rip
> Cc: 'Jason Stone'; openssh-unix-dev at mindrot.org
> Subject: Re: 2.5.2p2 ssh-keyscan installed group writable?
> 
> 
> 
> I totally agree and understand this example, but I can't help thinking
> relying on read permissions to "secure" a binary is exactly the same as
> "security through obscurity" :)
> 
> -rchit
> 
> > 2.  Install *all* executables (not just SetUID)
> >         as mode 511 (or 4511 if appropriate).
> >         There's no reason why root needs to be
> >         able to routinely overwrite them,
> >         and there's no reason why non-root
> >         users need to be able to routinely
> >         copy them or run strings/objdump on them...
> >         so why allow it?  This will require
> >         an additional step during an upgrade,
> >         but could also prevent accidental
> >         or intentional overwriting which is
> >         not desirable.
> 
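An added example, not part of the original thread or of OpenSSH itself: a POSIX shell audit of an install directory against the mode 511 (4511 for SetUID) policy proposed in the quoted message. The function name audit_bin_modes and the finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report executables whose mode deviates from the
# "511, or 4511 if SetUID" policy discussed in the thread.
# audit_bin_modes is a hypothetical helper name, not an OpenSSH tool.
# Output: one "FINDING<TAB>PATH" line per deviation found.
audit_bin_modes() {
    dir=$1

    # Group- or world-writable executables (the condition in the subject line).
    find "$dir" -type f -perm -100 \( -perm -020 -o -perm -002 \) \
        -exec printf 'group-or-world-writable\t%s\n' {} \;

    # Executables that non-owners can read (copy, strings, objdump).
    find "$dir" -type f -perm -100 \( -perm -040 -o -perm -004 \) \
        -exec printf 'group-or-world-readable\t%s\n' {} \;

    # Executables the owner can overwrite without a deliberate chmod first.
    find "$dir" -type f -perm -100 -perm -200 \
        -exec printf 'owner-writable\t%s\n' {} \;

    # The SetUID bit is never tested, so a 4511 binary passes just like 511.
}

# Stand-alone use: sh audit.sh /usr/local/bin
if [ "$#" -gt 0 ]; then
    audit_bin_modes "$1"
fi
```

A file installed 511 or 4511 produces no output; a conventional 755 install is reported as both readable by non-owners and owner-writable.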