herbw@wiskit.rain.com (Herb Weiner) (04/09/91)
I've been doing a little research on Unix security, so it's time to ask a question before I do something foolish. According to "Unix System Administration Handbook", by Nemeth, Snyder, and Seebass (Prentice Hall, 1989), ISBN 0-13-933441-6, Chapter 24 (Security), page 446:

"24.3.1.7 Don't make setuid programs world-readable"

"There is a difference between having permission to execute a file and having permission to read it. Use this to your advantage by setting the permissions on your setuid programs so that they can be executed but not read. This is to keep prying eyes from finding out how your code works and exploiting its weaknesses."

Makes sense to me... but the programs that violate this rule are the ones supplied by Apple. Would there be any problem if I turn off world read permission for all such programs? Would it do any good? (There are, after all, many A/UX systems besides mine to satisfy those prying eyes.)

Any additional comments on Unix or A/UX security? (In addition to Nemeth, Snyder, and Seebass, another book I'd recommend is "Unix System Security", by Wood and Kochan (Hayden Books, 1985), ISBN 0-672-48494-3.)

Thanks for your advice and opinions.

Herb Weiner
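The audit the post is asking about, as an added example that is not part of the original post or of any vendor's tooling: a small POSIX sh script that lists set-user-ID / set-group-ID regular files under a directory that are also world-readable, and strips only the "other" read bit from them while leaving execute permission intact. The directory names are hypothetical, and the script assumes a find(1) that accepts octal -perm modes and ls(1)'s standard "-rwsr-xr-x" mode column. One caveat a practitioner would want: a setuid file that starts with "#!" is skipped, because the interpreter has to open and read a script, so removing read permission from it would stop it running for everyone but the owner. Shared libraries are never touched, since only files with the setuid/setgid bit set are matched.

```shell
#!/bin/sh
# Added example (not from the original post): audit a tree for setuid/setgid
# files that are world-readable and remove the "other" read bit from them.
# Directory names passed in are hypothetical; nothing here is vendor code.

# List regular files under $1 that carry the setuid (4000) or setgid (2000)
# bit and are readable by "other" (mode bit 004).
list_readable_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -perm -004 2>/dev/null
}

# Number of such files, printed as a bare integer.
count_readable_setid() {
    list_readable_setid "$1" | wc -l | tr -d ' '
}

# Exit 0 if the file begins with "#!", i.e. it is an interpreter script.
# The interpreter must read the script, so its read bit must stay on.
is_script() {
    [ "$(dd if="$1" bs=2 count=1 2>/dev/null)" = "#!" ]
}

# Exit 0 if the "other" read bit is set, using the portable ls -ld mode column
# (character 8 of "-rwsr-xr-x" is the other-read position).
is_world_readable() {
    case "$(ls -ld "$1" | cut -c8)" in
        r) return 0 ;;
        *) return 1 ;;
    esac
}

# Remove world-read from every matching file under $1, skipping scripts.
# Only the read bit changes; the file stays executable, so the program still
# runs but other users can no longer copy or disassemble it.
strip_world_read() {
    list_readable_setid "$1" | while IFS= read -r f; do
        if is_script "$f"; then
            echo "skipping script (interpreter must read it): $f" >&2
        else
            chmod o-r "$f"
        fi
    done
}

# Stand-alone use: ./audit.sh /usr/bin  (prints the offending files; run
# strip_world_read yourself once you have reviewed the list).
if [ $# -gt 0 ]; then
    list_readable_setid "$1"
fi
```

Run it against /bin, /usr/bin and /etc first in list-only mode and read the output before stripping anything; the same find invocation, with -perm -004 dropped, is also a quick way to inventory every setuid program on the machine.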