
Re: copy.fail

From Richard Kettlewell <invalid@invalid.invalid>
Newsgroups comp.os.linux.misc
Subject Re: copy.fail
Date 2026-05-01 17:48 +0100
Organization terraraq NNTP server
Message-ID <wwv340bcbzf.fsf@LkoBDZeT.terraraq.uk>
References <eli$2604300130@qaz.wtf> <87lde4tqpy.fsf@atr2.ath.cx> <10t09ci$3mbqc$1@news.xmission.com> <10t228c$17p94$1@news1.tnib.de>



Marc Haber <mh+usenetspam2616@zugschl.us> writes:
> gazelle@shell.xmission.com (Kenny McCormack) wrote:

>> In fact, an argument can be made that *all* system-supplied
>> executables (the ones currently protected 755) should be protected
>> 711 instead.
>>
>> We are not living in the 20th century anymore.
>
> And still all those files can be publicly downloaded from the
> distribution's repositories. It just makes life harder to make them
> unreadable.

The issue is not secrecy or otherwise of the file contents, it’s the
read permission itself.  The underlying vulnerability gives the attacker
the ability to modify the cached copy of any file they can open, even
just for reading, and the example exploit applies that to a setuid
executable. Remove read permission and the file is no longer a target
for this attack.

However, removing read permission on executables isn’t likely to help,
for the reasons given in my other post.

-- 
https://www.greenend.org.uk/rjk/
