Security (was Re SUMMARY: C Compiler Predefined Manifest Definitions)
Tom Bannon
bannon at betelgeuse.csc.ti.com
Sat Aug 25 06:03:58 AEST 1990
In article <105269 at convex.convex.com> tchrist at convex.COM (Tom Christiansen)
> In article <595 at wattres.UUCP> steve at wattres.UUCP (Steve Watt) writes:
> |Which brings up what I consider to be a strange point: Why is it that most
> |*NIX vendors ship systems with all the files in /bin and /usr/bin world-
> |readable? It seems to me that they only need to be world-executable...
> Absurd. If you are relying about people not knowing about something
> for your security, than you've really no security at all.
> But the point of it's being annoying secondary to the fact that it
> just doesn't make sense to rely upon ignorance to protect you.
> Security through obscurity isn't.
As well as From: peter at ficc.ferranti.com (Peter da Silva)
> Security through obscurity is no security at all.
Hmmm... I guess encryption is out then, being as it relies on the
ignorance of the key. Ignorance, the absence of knowledge, seems to
play a fundamental role in security. Even in Zero-knowledge proofs
if I understand them correctly. You both seem to hold a different
viewpoint however. Could you elaborate?
tchrist at convex.COM (Tom Christiansen):
> An unreadable binary is just annoying. You can't run what or strings
> on it. You can't adb it for your core dumps.
A good point. Perhaps this points out a problem with what, strings,
and adb, i.e., the inability to read binaries that have restricted
read permission. Whether there is a good general solution (setuid??) for
this problem under Unix I don't know however. I would certainly like
to hear about any if there were.
Tom
bannon at csc.ti.com
More information about the Comp.unix.questions
mailing list