Re: Exploit in Upgrade Chain?

To: debian-security@lists.debian.org
Subject: Re: Exploit in Upgrade Chain?
From: Izak Burger <isburger@gmail.com>
Date: Fri, 13 Feb 2009 11:55:54 +0200
Message-id: <[🔎] e2e2e5500902130155q24b5e8f6v8a776157825db2fb@mail.gmail.com>
In-reply-to: <[🔎] 20090212203756.GB10254@lupe-christoph.de>
References: <1407c5e60902112126q197eb474w9abfd88781c81eca@mail.gmail.com> <[🔎] 200902120813.03081.bss@iguanasuicide.net> <[🔎] 49948255.4080801@thewellpoway.org> <[🔎] 20090212203756.GB10254@lupe-christoph.de>

On Thu, Feb 12, 2009 at 10:37 PM, Lupe Christoph <lupe@lupe-christoph.de> wrote:
> Mode 600 will deny /etc to everybody except root while it will change
> nothing for root. If you have any services on your system that run under
> non-root UIDs, and that have config under /etc, you hose them with any
> mode that removes the eXecute bit for "others".

Mode 600 (on a directory) lacks the access bit, so even root will have
a hard time getting much joy out of /etc. You will need at least 700
to give root access.

regards,
Izak

Reply to:

Follow-Ups:
- Re: Exploit in Upgrade Chain?
  - From: Lupe Christoph <lupe@lupe-christoph.de>

References:
- Re: Exploit in Upgrade Chain?
  - From: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>
- Re: Exploit in Upgrade Chain?
  - From: The Well - Systems Administrator <sysadmin@thewellpoway.org>
- Re: Exploit in Upgrade Chain?
  - From: Lupe Christoph <lupe@lupe-christoph.de>

Prev by Date: Re: Potential expoits via application launchers (aka .desktop files)
Next by Date: Re: Exploit in Upgrade Chain?
Previous by thread: Re: Exploit in Upgrade Chain?
Next by thread: Re: Exploit in Upgrade Chain?
Index(es):
- Date
- Thread