Linked by Thom Holwerda on Wed 5th Apr 2006 17:37 UTC, submitted by Mark
Linux "In GNU/Linux, file access is restricted. Users don't necessarily have the same rights when it comes to deleting, executing or even reading files. In fact, every file contain data such as its owner, its permissions and other information which defines exactly what can be done with it, and by whom."
Thread beginning with comment 112243
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: a recommended read
by jaboua on Thu 6th Apr 2006 13:38 UTC in reply to "RE[3]: a recommended read"
jaboua
Member since:
2005-09-08

Well... A virus is something that infects the system and screws it up...

But malware may have a hard time as well, if it's left without executable permissions.

Reply Parent Score: 1

RE[5]: a recommended read
by Morin on Thu 6th Apr 2006 19:30 in reply to "RE[4]: a recommended read"
Morin Member since:
2005-12-31

> But malware may have a hard time as well, if it's left without executable permissions.

Specially forged data files do not have executable permissions but execute code anyway through buffer overflow attacks.

Not all scripting interpreters require the script to have executable permissions. The script could also be embedded in a datafile.

Social engineering attacks don't have a hard time in making the user set executable permissions.

... and so on. You can of course pretend the problem doesn't exist. But you could also understand the cause of these problems, why file permissions alone *don't* handle them, and find a better solution. This doesn't mean file permissions are useless - in fact they'd probably play an important role in a proper solution. But they are not a solution to everything if taken alone.

On a side note, many "computer specialists" avoid responsibility for social engineering attacks altogether, probably with excuses such as "people shouldn't be so stupid", or "we can't solve this problem anyway", or "we aren't the right people to solve this problem", or whatever. Saying that file permissions solve the malware problem tends to lead in the same direction.

Reply Parent Score: 1

RE[5]: a recommended read
by Soulbender on Fri 7th Apr 2006 02:54 in reply to "RE[4]: a recommended read"
Soulbender Member since:
2005-08-18

"A virus is something that infects the system and screws it up..."
No, a virus is something that infects a system and uses it to spread further. Damaging the infected system is not always a goal.

"But malware may have a hard time as well, if it's left without executable permissions."
Not really, since the owner of a file always can change its permissions and a file can still be run even if it doesnt have the execute permission (ie "/bin/sh somescript").

Reply Parent Score: 1