Bug 36468 - Smart FileSystem Permissions - hb-working-features.xml-1.6.diff
Summary: Smart FileSystem Permissions - hb-working-features.xml-1.6.diff
Status: RESOLVED FIXED
Alias: None
Product: [OLD] Docs-user
Classification: Unclassified
Component: Handbook (show other bugs)
Hardware: All All
Importance: High normal
Assignee: Sven Vermeulen (RETIRED)
URL: http://dev.gentoo.org/~solar/xml/hb-w...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-12-24 23:39 UTC by solar (RETIRED)
Modified: 2003-12-25 10:40 UTC (History)
See Also:
Package list:
Runtime testing required: ---
Description solar (RETIRED) gentoo-dev 2003-12-24 23:39:03 UTC
Handbook addition of sfperms

http://dev.gentoo.org/~solar/xml/hb-working-features.xml-1.6.diff
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2003-12-25 01:47:35 UTC
Very neat; what is the idea behind "go-r" for setuids and "o-r" for setgids? 
Comment 2 solar (RETIRED) gentoo-dev 2003-12-25 08:53:50 UTC
Oftentimes a local attacker/malicious user could use system tools such
as objdump or readelf to learn information such as offsets and symbol
resolution about these files, which then could be used in crafting
exploits.

Here are a few examples where this basic sanity could have helped.
http://www.securityfocus.com/archive/1/171708/2003-11-28/2003-12-04/2

http://downloads.securityfocus.com/vulnerabilities/exploits/su-exp.c

In this example we see
------------------------------------------------------------
if (!(st.st_mode & S_IROTH)) {
    printf("failed. /bin/su it's not +r\naborting\n");
    exit(0);
}
------------------------------------------------------------

Thus successful exploitation could not have happened in this case.  This
would force the attacker to use a brute-force method to try to evaluate
his/her privs.

When this sanity is in place and coupled with a kernel that has ASLR
(such as PaX/grsec) even the brute-force method becomes really hard to
ever guess correctly. Roughly a 2^16 chance, but of course this depends
on the situation, like in which region you need an address or how many
addresses you have to guess at once, how many bits you can ignore in the
randomization (e.g. if you can send duplicates of the payload scattered in
memory in some pattern), etc.
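The permission rule discussed above (go-r on setuid files, o-r on setgid files), applied by hand to one directory tree and then audited, as an added example. This is neither the handbook diff attached to this bug nor Portage's own sfperms code; it assumes a directory path as its only argument, and the files it creates for the demo are constructed, empty placeholders whose only relevant property is their mode.

```shell
#!/bin/sh
# Added example (not the diff attached to this bug and not Portage's own
# sfperms implementation): apply the rule from the bug by hand to one
# directory tree and audit the result.
#   setuid files -> go-r  (only the owner may read the binary)
#   setgid files -> o-r   (owner and group may read it, others may not)
# Execute permission is untouched, so the programs still run; only
# reading the file (objdump/readelf on it) is blocked for other users.

# Strip the read bits from every setuid/setgid regular file below $1.
apply_sfperms() {
    dir=$1
    find "$dir" -type f -perm -4000 -exec chmod go-r '{}' +
    find "$dir" -type f -perm -2000 -exec chmod o-r '{}' +
}

# Audit $1: list each setuid file readable by group or other, and each
# setgid file readable by other. Returns 1 if anything was listed, else 0.
check_sfperms() {
    dir=$1
    bad=$(
        find "$dir" -type f -perm -4000 \( -perm -040 -o -perm -004 \) -print
        find "$dir" -type f -perm -2000 -perm -004 -print
    )
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Demo on a constructed tree (real setuid binaries live under /usr and
# changing them needs root); the files are empty, only their mode matters.
demo=$(mktemp -d)
: > "$demo/suid-tool" && chmod 4755 "$demo/suid-tool"
: > "$demo/sgid-tool" && chmod 2755 "$demo/sgid-tool"
: > "$demo/plain"     && chmod 0644 "$demo/plain"
echo "before:"; check_sfperms "$demo" || true
apply_sfperms "$demo"
echo "after:";  check_sfperms "$demo" && echo "no readable setuid/setgid files"
ls -l "$demo"
rm -rf "$demo"
```

After `apply_sfperms` the setuid file ends up as mode 4711 (rws--x--x) and the setgid file as 2751 (rwxr-s--x); a plain 0644 file is left alone. `check_sfperms` is the part worth keeping around: run it over a real system periodically, since a package reinstalled without the feature silently brings the read bits back.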
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2003-12-25 10:40:17 UTC
Okay, thanks. Committed.