Security

Tom Christiansen tchrist at convex.COM
Tue Aug 28 14:29:40 AEST 1990


I've received a lot of mail from people who didn't understand
my (or Peter's, it would seem) postings about readable binaries.
Permit me to elucidate.

The reason that you shouldn't try to protect yourself by making
system binaries unreadable is that you're not relying on password
interrogation or even setuid programs, but on pure, unreliable
ignorance.  Once the secret is out, it can't be taken back.  Never
rely on someone not knowing how to do something to keep them from doing
it.  Someday you'll be sorry.

BTW, on these fascist systems with system binaries that aren't
readable, what happens when these binaries take a SIGQUIT or some
other coredump signal?  Do you get a core dump with text you can
read?  On most UNIX systems I know, you do, which blows your
wonderful security out of the water.  Or what about attaching
to running processes, such as with gdb?  It's your process, so
you can attach to it, right?  Then you can read its text!

There are lots of other ways.  Getting a hold of backup tapes
or root core dumps or all kinds of things will give away your
shop if you rely upon this method.

As to "who adb's system binaries,"  the answer is me and anyone
else who wants to track down what's broken when something breaks.
I don't always have root on the machine, but I still try to figure
out what happened.  Not being able to get at the binary is a serious
impediment to this.

--tom
--
 "UNIX was never designed to keep people from doing stupid things, because 
  that policy would also keep them from doing clever things." [Doug Gwyn]



More information about the Comp.unix.questions mailing list