From mboxrd@z Thu Jan 1 00:00:00 1970
Mailing-List: contact gdb-help@sources.redhat.com; run by ezmlm
Sender: gdb-owner@sources.redhat.com
Message-ID: <097201c1db23$feef79d0$b6010c0a@catdog>
From: "Kris Warkentin"
Subject: gdb and suid binaries - security?
Date: Wed, 03 Apr 2002 07:26:00 -0000
X-SW-Source: 2002-04/txt/msg00014.txt.bz2

Is it true that if gdb is debugging a suid binary then any calls they make from the debugger are executed as that user? Couldn't one then execute arbitrary instructions as root if you debugged something like su? Or even worse, just call setuid(0) and let the program run to completion.

Oddly enough, I've noticed that this actually fails on both FreeBSD and Linux, but it almost seems to be some mechanism outside of gdb. Does anyone know how this works?

cheers,

Kris