From: "Michael Potter" <pottmi@gmail.com>
To: gdb@sourceware.org
Subject: unable to attach to setuid program that as reverted it privilege
Date: Tue, 22 Jan 2008 20:00:00 -0000 [thread overview]
Message-ID: <2379dacc0801221159pfa2f3edh44c0b9c4ea6477ba@mail.gmail.com> (raw)
Gdb Crew,
I get this error when attaching to a setuid program that has
_given_up_ its root privilege setuid(getuid()):
---------------------
x~> gdb -p 19484
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i586-suse-linux".
Attaching to process 19484
ptrace: Operation not permitted. <<<<<=================
--------------------
I will speculate that the logic behind that is even tho the program
does not have root privilege now, it could have something in left over
in memory from when it did have root privilege. I think this is a
good default behavior, but I am hopeful that some clever programmer
has found a way to change their program such that gdb can attach to
it.
My program _only_ uses root privilege to be able to be able to do a
oneway switch to a non-privileged user. I believe that any hole I am
opening up is much smaller than my next alternative which is to allow
the programmers to run gdb as root so they can attach to the program.
Suggestions on alternatives such as a way to switch users without root
privileges
are welcome.
Thanks,
For those of you who may want to reproduce this feature here are some
cut and paste ready instructions:
1) mkdir -p tmp/setuidtest;cd tmp/setuidtest
2) vim iamsetuidroot.c # paste in the following:
#include <stdio.h>
#include <stdlib.h>
int main(int arc, char *argv[])
{
if (geteuid() != 0)
{
printf("this program must be run setuid root, not %d\n",
geteuid());
exit(1);
}
if (getuid() == 0)
{
printf("this program must not be run as root\n");
exit(1);
}
setuid(getuid());
if (!setuid(0))
{
/* we want setuid to fail to be able to return to root */
printf("this program was able to revert to root\n");
exit(1);
}
printf("before the sleep %d\n", getpid());
sleep(60);
printf("after the sleep\n");
exit(0);
}
3) cc -o iamsetuidroot iamsetuidroot.c
4) sudo chown root iamsetuidroot
5) sudo chmod u+s iamsetuidroot
6) ./iamsetuidroot # observe pid in output.
7) gdb -p $thePid # in another window
next reply other threads:[~2008-01-22 20:00 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-22 20:00 Michael Potter [this message]
2008-01-22 20:09 ` Daniel Jacobowitz
2008-01-22 20:24 ` Michael Potter
2008-01-23 17:52 ` Mark Kettenis
2008-01-23 18:48 ` Michael Potter
2008-01-23 20:26 ` Michael Potter
2008-01-23 20:42 ` Andreas Schwab
2008-01-24 5:05 ` Michael Potter
2008-01-24 9:18 ` Andreas Schwab
2008-04-14 13:46 Reynolds, Brandon
2008-04-14 16:32 ` Michael Potter
2008-04-14 16:45 ` Tavis Ormandy
2008-04-15 1:02 ` Reynolds, Brandon
2008-04-15 1:24 ` Michael Potter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2379dacc0801221159pfa2f3edh44c0b9c4ea6477ba@mail.gmail.com \
--to=pottmi@gmail.com \
--cc=gdb@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox