2.5.2p2 ssh-keyscan installed group writable?
Loomis, Rip
GILBERT.R.LOOMIS at saic.com
Thu Mar 29 03:09:24 EST 2001
Rachit--
Agreed in part. The binary shouldn't have been
so poorly written...but making the binary non-
readable by regular users is in this case part
of "defense in depth".
Security by obscurity should not be depended on,
since it has been and will continue to be a weak
security measure. In this case, however, it
would have helped the overall security of the
system.
Bottom line--almost any system is going to be
more secure with a "default deny" policy than
a "default allow" policy...and this is a simple
change which doesn't break anything.
Rip Loomis Voice Number: (410) 953-6874
--------------------------------------------------------
Senior Security Engineer
Center for Information Security Technology
Science Applications International Corporation
http://www.cist.saic.com
> -----Original Message-----
> From: Rachit Siamwalla [mailto:rachit at ensim.com]
> Sent: Tuesday, March 27, 2001 6:55 PM
> To: Loomis, Rip
> Cc: 'Jason Stone'; openssh-unix-dev at mindrot.org
> Subject: Re: 2.5.2p2 ssh-keyscan installed group writable?
>
>
>
> I totally agree and understand this example, but I can't help thinking
> relying on read permissions to "secure" a binary is exactly
> the same as
> "security through obscurity" :)
>
> -rchit
>
> > 2. Install *all* executables (not just SetUID)
> > as mode 511 (or 4511 if appropriate).
> > There's no reason why root needs to be
> > able to routinely overwrite them,
> > and there's no reason why non-root
> > users need to be able to routinely
> > copy them or run strings/objdump on them...
> > so why allow it? This will require
> > an additional step during an upgrade,
> > but could also prevent accidental
> > or intentional overwriting which is
> > not desirable.
>
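
An audit of the install policy discussed in this thread (executables at mode 511, or 4511 for SetUID), as an added example that is not part of the original messages or of OpenSSH. The function name `audit_bin_modes` and the output format are hypothetical, and the script assumes GNU find (`-perm /mode`, `-printf`).

```shell
#!/bin/sh
# Added example: report executables that deviate from the 511 / 4511
# install policy proposed in the thread. Assumes GNU find.
# File names containing newlines are not handled.

# audit_bin_modes DIR
# Prints "MODE PATH: reasons" for every executable regular file under DIR
# whose rwx bits are not r-x--x--x (511). Special bits (setuid, setgid,
# sticky) are ignored for the comparison, so 4511 passes as well.
audit_bin_modes() {
    # %m = octal mode without a leading zero, %p = path
    find "$1" -type f -perm /111 -printf '%m %p\n' | sort -k2 |
    while read -r mode path; do
        bits=$((0$mode))            # leading 0 makes the shell parse octal
        perm=$((bits & 0777))       # drop setuid/setgid/sticky
        if [ "$perm" -eq $((0511)) ]; then
            continue
        fi
        why=""
        if [ $((perm & 0022)) -ne 0 ]; then
            why="$why group/world-writable;"
        fi
        if [ $((perm & 0200)) -ne 0 ]; then
            why="$why owner-writable;"
        fi
        if [ $((perm & 0044)) -ne 0 ]; then
            why="$why readable-by-non-owner;"
        fi
        if [ -z "$why" ]; then
            why=" differs-from-511;"
        fi
        printf '%s %s:%s\n' "$mode" "$path" "$why"
    done
}

# Stand-alone use: sh audit.sh /usr/local/bin
if [ "$#" -gt 0 ]; then
    audit_bin_modes "$1"
fi
```

An empty result means every executable found matches the 511 layout; a group-writable `ssh-keyscan`, as in the subject line, would be listed with the `group/world-writable` reason.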