From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 28711 invoked by alias); 23 Jan 2008 17:52:51 -0000 Received: (qmail 28701 invoked by uid 22791); 23 Jan 2008 17:52:50 -0000 X-Spam-Check-By: sourceware.org Received: from sibelius.xs4all.nl (HELO sibelius.xs4all.nl) (82.92.89.47) by sourceware.org (qpsmtpd/0.31) with ESMTP; Wed, 23 Jan 2008 17:52:33 +0000 Received: from brahms.sibelius.xs4all.nl (kettenis@localhost.sibelius.xs4all.nl [127.0.0.1]) by brahms.sibelius.xs4all.nl (8.14.1/8.14.1) with ESMTP id m0NHqRU3007254; Wed, 23 Jan 2008 18:52:27 +0100 (CET) Received: (from kettenis@localhost) by brahms.sibelius.xs4all.nl (8.14.1/8.14.1/Submit) id m0NHqQPh001359; Wed, 23 Jan 2008 18:52:27 +0100 (CET) Date: Wed, 23 Jan 2008 17:52:00 -0000 Message-Id: <200801231752.m0NHqQPh001359@brahms.sibelius.xs4all.nl> From: Mark Kettenis To: pottmi@gmail.com CC: gdb@sourceware.org In-reply-to: <2379dacc0801221159pfa2f3edh44c0b9c4ea6477ba@mail.gmail.com> (pottmi@gmail.com) Subject: Re: unable to attach to setuid program that as reverted it privilege References: <2379dacc0801221159pfa2f3edh44c0b9c4ea6477ba@mail.gmail.com> Mailing-List: contact gdb-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-owner@sourceware.org X-SW-Source: 2008-01/txt/msg00233.txt.bz2 > Date: Tue, 22 Jan 2008 13:59:48 -0600 > From: "Michael Potter" > > Gdb Crew, > > I get this error when attaching to a setuid program that has > _given_up_ its root privilege setuid(getuid()): > > --------------------- > x~> gdb -p 19484 > GNU gdb 6.5 > Copyright (C) 2006 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and > you are > welcome to change it and/or distribute copies of it under certain > conditions. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for > details. > This GDB was configured as "i586-suse-linux". > Attaching to process 19484 > ptrace: Operation not permitted. <<<<<================= This is the only acceptable behaviour. The program might have dropped root priviliges but it might still hold resources acquired when it still had those priviliges and you might be able to exploit those. You should be able to attach to the process as root. If not, complain to the Linux kernel people.