Timeline for Unix execute permission can be easily bypassed. Is it superfluous, or what's the intention behind it?
Current License: CC BY-SA 3.0
21 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Sep 4, 2014 at 18:09 | comment | added | grawity | @MartinErhardt: You might find these Old New Thing posts interesting, specifically this or this, with examples of things that look like security issues, but don't really let you do anything more than normally. | |
| Sep 4, 2014 at 18:04 | comment | added | grawity | @MartinErhardt: It only becomes a security issue if the program can do more than the user could normally do through other methods. For example, Wireshark installs /usr/bin/dumpcap with elevated privileges (setuid bit or the cap_net_raw privilege), so by executing it a user could do stuff (capture network traffic) which the OS would not permit directly. Of course only members of the 'wireshark' group have the +x permission; all other users can only read the program. | |
| Sep 4, 2014 at 12:07 | answer | added | Luis Colorado | timeline score: 2 | |
| Sep 3, 2014 at 18:42 | answer | added | user54909 | timeline score: 8 | |
| Sep 3, 2014 at 11:40 | history | edited | Martin Erhardt | retagged | |
| Sep 3, 2014 at 10:48 | history | edited | Martin Erhardt | retagged | |
| Sep 3, 2014 at 6:20 | comment | added | Martin Erhardt | jjanes Well I thought it would be some kind of security issue, if users are able to execute programs they are not allowed to. | |
| Sep 3, 2014 at 2:28 | comment | added | jjanes | Why would I go out of my way to execute a file which I don't want to execute? | |
| Sep 3, 2014 at 2:06 | comment | added | Joshua | I am astounded at the voting, etc. here. The only correct answer is a comment. | |
| Sep 2, 2014 at 15:46 | answer | added | Simon Richter | timeline score: 7 | |
| Sep 2, 2014 at 12:51 | history | edited | Martin Erhardt | CC BY-SA 3.0 | deleted 36 characters in body |
| Sep 2, 2014 at 12:40 | answer | added | kasperd | timeline score: 4 | |
| Sep 2, 2014 at 11:26 | history | edited | Martin Erhardt | CC BY-SA 3.0 | title |
| Sep 2, 2014 at 8:59 | history | edited | Martin Erhardt | CC BY-SA 3.0 | added 5 characters in body |
| Sep 2, 2014 at 8:54 | vote | accept | Martin Erhardt | ||
| Sep 2, 2014 at 8:07 | answer | added | Guntram Blohm | timeline score: 26 | |
| Sep 2, 2014 at 5:27 | comment | added | grawity | An important point is that all methods of bypassing -x will ignore the elevated privileges (setuid bit, file capabilities, path-based rules) that the original program has. | |
| Sep 2, 2014 at 5:19 | history | tweeted | twitter.com/#!/StackSecurity/status/506672784001732608 | ||
| Sep 2, 2014 at 1:40 | answer | added | Mark | timeline score: 82 | |
| Sep 1, 2014 at 23:31 | review | First posts | |||
| Sep 1, 2014 at 23:50 | |||||
| Sep 1, 2014 at 23:28 | history | asked | Martin Erhardt | CC BY-SA 3.0 |