From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-return-30812-listarch-gdb=sources.redhat.com@sourceware.org>
Received: (qmail 26561 invoked by alias); 22 Jan 2008 20:09:19 -0000
Received: (qmail 26553 invoked by uid 22791); 22 Jan 2008 20:09:18 -0000
X-Spam-Check-By: sourceware.org
Received: from NaN.false.org (HELO nan.false.org) (208.75.86.248)     by sourceware.org (qpsmtpd/0.31) with ESMTP; Tue, 22 Jan 2008 20:08:59 +0000
Received: from nan.false.org (localhost [127.0.0.1]) 	by nan.false.org (Postfix) with ESMTP id 772B198376; 	Tue, 22 Jan 2008 20:08:57 +0000 (GMT)
Received: from caradoc.them.org (22.svnf5.xdsl.nauticom.net [209.195.183.55]) 	by nan.false.org (Postfix) with ESMTP id 5001598216; 	Tue, 22 Jan 2008 20:08:57 +0000 (GMT)
Received: from drow by caradoc.them.org with local (Exim 4.68) 	(envelope-from <drow@caradoc.them.org>) 	id 1JHPQW-0005M6-8H; Tue, 22 Jan 2008 15:08:56 -0500
Date: Tue, 22 Jan 2008 20:09:00 -0000
From: Daniel Jacobowitz <drow@false.org>
To: Michael Potter <pottmi@gmail.com>
Cc: gdb@sourceware.org
Subject: Re: unable to attach to setuid program that as reverted it 	privilege
Message-ID: <20080122200856.GA20301@caradoc.them.org>
Mail-Followup-To: Michael Potter <pottmi@gmail.com>, gdb@sourceware.org
References: <2379dacc0801221159pfa2f3edh44c0b9c4ea6477ba@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <2379dacc0801221159pfa2f3edh44c0b9c4ea6477ba@mail.gmail.com>
User-Agent: Mutt/1.5.17 (2007-12-11)
X-IsSubscribed: yes
Mailing-List: contact gdb-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb.sourceware.org>
List-Subscribe: <mailto:gdb-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb/>
List-Post: <mailto:gdb@sourceware.org>
List-Help: <mailto:gdb-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-owner@sourceware.org
X-SW-Source: 2008-01/txt/msg00225.txt.bz2

On Tue, Jan 22, 2008 at 01:59:48PM -0600, Michael Potter wrote:
> I will speculate that the logic behind that is even tho the program
> does not have root privilege now, it could have something in left over
> in memory from when it did have root privilege.  I think this is a

Correct.  For instance, it could have an open file descriptor to a
root-owned file or a privileged network socket.  There's lots of
things you can inherit.

> good default behavior, but I am hopeful that some clever programmer
> has found a way to change their program such that gdb can attach to
> it.

It has nothing to do with the program; this is part of your kernel's
security model.  Sorry.  I believe it's pretty much universal behavior
across Unix-like systems.

> Suggestions on alternatives such as a way to switch users without root
> privileges
> are welcome.

Allow "sudo -u otheruser ./nonsetuid-copy-of-program" ?

-- 
Daniel Jacobowitz
CodeSourcery