PolicyKit releases and !AWOL

Michael Biebl mbiebl at gmail.com
Sun Dec 16 19:22:13 PST 2007


2007/12/17, David Zeuthen <david at fubar.dk>:
>
> On Mon, 2007-12-17 at 03:02 +0100, Michael Biebl wrote:
> > Well, making it 4754, means everyone can read the binary.
> > If you make it 4750, the user can download the deb/rpm and extract the
> > binary from there to read it. So you don't gain any additional
> > security by making it non-readable
>
> No, but it makes it a lot harder; if you can read the file you can run
> strings(1) and ldd(1) on it; that alone is a lot of useful information.

You can do that just as well with the binary that you extracted from
the deb/rpm.
So this point is not valid.

>
> Sure, it doesn't add security but the program should be secure in the
> first place (and I believe it is) otherwise it's a stop-ship bug.

I'm not sure what this has to do with the file permissions.

> It's not about "adding security" - the name of the game is about
> limiting what damage can be done in the event there's a flaw in the
> program. And making the file non-readable for world helps slow down the
> would-be attacker (who is typically a 13-year old script kiddie with too
> much time on his hands).

I don't understand what you are trying to say with that. How can a
flaw in the program be exploited (more easily) if it's world readable?
Can you give me a real world scenario here? What you say is too vague.

> Also, what you are suggesting, making the file world readable, violates
> the principle of least privilege: the user simply has no business
> messing with that file; it's just an internal implementation detail of
> higher level software (in this case libpolkit-grant.so).

Actually it's the other way around.
Think of backup programs, which now have to run as root to be able to
successfully create a backup, or intrusion detection systems, which
check the file checksums, which can't be run unprivileged.
I hope I could give you some use cases, why it makes sense to make the
files world readable.

Cheers,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
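
Added example, not part of the original message or of PolicyKit: a small audit that evaluates the two modes argued about in this thread, 4754 and 4750, for a given caller and reports whether that caller can execute the setuid file and whether an integrity checker running as that caller could read it to compute a checksum. The file paths, uids and gids are constructed for illustration.

```python
import stat

def class_bits(mode, file_uid, file_gid, uid, gids):
    """Return the rwx triplet that applies to the caller.

    POSIX picks exactly one class (owner, then group, then other);
    the classes are not combined. uid 0 bypasses these checks on a
    real system and is not modelled here.
    """
    if uid == file_uid:
        return (mode >> 6) & 7
    if file_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def audit(entries, uid, gids):
    """Report, for each setuid file, what the caller may do with it."""
    report = {}
    for path, mode, file_uid, file_gid in entries:
        if not mode & stat.S_ISUID:
            continue  # only setuid files are of interest here
        bits = class_bits(mode, file_uid, file_gid, uid, gids)
        report[path] = {
            "mode": oct(stat.S_IMODE(mode)),
            "can_exec": bool(bits & 1),
            # hashing the file requires read permission
            "can_hash": bool(bits & 4),
        }
    return report

# Constructed sample: (path, st_mode, owner uid, group gid).
# Hypothetical helper owned by root, group 1001.
SAMPLE = [
    ("/usr/libexec/helper-4754", 0o104754, 0, 1001),
    ("/usr/libexec/helper-4750", 0o104750, 0, 1001),
    ("/usr/bin/not-setuid", 0o100755, 0, 0),
]

if __name__ == "__main__":
    callers = [("member of group 1001", 1000, {1000, 1001}),
               ("unprivileged checker", 1002, {1002})]
    for label, uid, gids in callers:
        print(label)
        for path, result in audit(SAMPLE, uid, gids).items():
            print("  ", path, result)
```

For a caller outside the file's group, neither mode grants execute; the only difference is that 4754 still lets the checker read and hash the file, while 4750 does not.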

