Xref: utzoo alt.security:1549 alt.bbs:2941 comp.unix.sysv386:402
Path: utzoo!attcan!utgpu!cs.utexas.edu!swrinde!ucsd!usc!julius.cs.uiuc.edu!rpi!crdgw1!sixhub!davidsen
From: davidsen@sixhub.UUCP (Wm E. Davidsen Jr)
Newsgroups: alt.security,alt.bbs,comp.unix.sysv386
Subject: Re: Protecting against downloads
Message-ID: <1890@sixhub.UUCP>
Date: 16 Sep 90 17:11:22 GMT
References: <epeterso.653228040@houligan> <8RFgP2w163w@mudos.ann-arbor.mi.us> <epeterso.653316195@houligan>
Reply-To: davidsen@sixhub.UUCP (bill davidsen)
Followup-To: alt.security
Organization: *IX Public Access UNIX, Schenectady NY
Lines: 18

In article <epeterso.653316195@houligan> epeterson@encore.com writes:

| As mentioned in another message, there is a program which can
| determine preprocessor symbols by digging them out of the cc binary,
| for which one has to have read permission on /bin/cc.  Also, if you're
| working on a program which dives into the kernel and nlist(3) out the
| addresses for its data structures, having read permission on the
| kernel is also helpful.

  Helpful to whom? It is not helpful to me to have any user do these
things. If there are programs which must read the kernel, after they are
debugged using dummy copies they can be setgid kmem (or sysinfo in SysV)
to allow access.
-- 
bill davidsen - davidsen@sixhub.uucp (uunet!crdgw1!sixhub!davidsen)
    sysop *IX BBS and Public Access UNIX
    moderator of comp.binaries.ibm.pc and 80386 mailing list
"Stupidity, like virtue, is its own reward" -me