The unix read permission is actually the same as the execute permission, so if e
Question
The unix read permission is actually the same as the execute permission, so if e.g. one process has write access it's also able to execute the same file.
This can be done pretty easily: First this process has to load the content of the file, which shall be executed, into a buffer. Afterwards it calls a function from a shared library which parses the ELF in the buffer and loads it to the right addresses (probably by overwriting the old process as usual, when calling execvp). The code jumps to the entry point of the new program and it's being executed.
I am pretty sure Dennis Ritchie and Ken Thompson were aware of that issue. So why did they even invent this permission, what is the intention behind it and what's the sense of it, if it can't prevent any process of any user having read access from executing? Is there even such a sense or is it superfluous?
Could this even be a serious security issue? Are there any systems which rely on the strength of rw- or r-- permissions?
Explanation / Answer
If you for some reason want to keep the binary code secret, you can make the program executable without being readable. This is not useful if those users have physical access to the machine. It is also not useful if the source or binary code is widely available. So this is a fairly limited use case.
If the program has a setuid or setgid bit, execute access does something more than what can be achieved by reading the binary. One approach is to create a setuid executable which is only executable to a specific group. If it was world readable, people outside that group still couldn't copy it and make use of the setgid bit on the original executable. (Though in most cases I would rather use setgid than setuid, and then use the group on the directory to control who can access the executable.)
Usually the executable bit is simply used to indicate which files are programs in the first place. That way completion can work better, and you don't execute unwanted executables by accident.
If you want to prevent users from copying an executable and running it, you can mount home directories with noexec. In order for this to make sense, you have to use noexec on every file system where the user could write anything.
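An added example, not part of the original answer: a Python sketch that spells out, per permission class, what the execute bit grants beyond read, and audits a directory tree for setuid/setgid files that anyone may execute. The names `classify` and `audit`, the sample modes and the `/usr/bin` root are assumptions chosen for illustration.

```python
import os
import stat

# (class name, read bit, execute bit) for owner, group and other
CLASSES = (("owner", stat.S_IRUSR, stat.S_IXUSR),
           ("group", stat.S_IRGRP, stat.S_IXGRP),
           ("other", stat.S_IROTH, stat.S_IXOTH))

def classify(mode):
    """Describe what the execute bits of `mode` grant beyond the read bits."""
    privileged = bool(mode & (stat.S_ISUID | stat.S_ISGID))
    result = {}
    for name, r_bit, x_bit in CLASSES:
        can_read, can_exec = bool(mode & r_bit), bool(mode & x_bit)
        if can_exec and privileged:
            # setuid/setgid is honoured only when the original file is exec'd
            result[name] = "runs with the file's uid/gid"
        elif can_exec and not can_read:
            # native binaries only; a script must be readable by its interpreter
            result[name] = "can run, cannot read the binary"
        elif can_exec:
            result[name] = "can run (could also copy and run)"
        elif can_read and privileged:
            # a copy is owned by the copier, so it carries no extra privilege
            result[name] = "can copy, but the copy is not privileged"
        elif can_read:
            result[name] = "can read only"
        else:
            result[name] = "no access"
    return result

def audit(root):
    """Yield (path, mode string) for setuid/setgid files that anyone may execute."""
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID) and st.st_mode & stat.S_IXOTH:
                yield path, stat.filemode(st.st_mode)

if __name__ == "__main__":
    for mode in (0o4750, 0o4754, 0o0711, 0o0644):  # constructed sample modes
        print(oct(mode), classify(mode))
    for path, perms in audit("/usr/bin"):  # assumed root; any directory works
        print(perms, path)
```

Files reported by `audit` are the ones where the execute bit is not restricted to a group, so anyone on the system can run them with the file's identity.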