From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 14826 invoked by alias); 22 Jan 2008 20:00:09 -0000 Received: (qmail 14808 invoked by uid 22791); 22 Jan 2008 20:00:07 -0000 X-Spam-Check-By: sourceware.org Received: from wa-out-1112.google.com (HELO wa-out-1112.google.com) (209.85.146.181) by sourceware.org (qpsmtpd/0.31) with ESMTP; Tue, 22 Jan 2008 19:59:50 +0000 Received: by wa-out-1112.google.com with SMTP id l35so4556917waf.12 for ; Tue, 22 Jan 2008 11:59:48 -0800 (PST) Received: by 10.115.75.1 with SMTP id c1mr7242791wal.84.1201031988816; Tue, 22 Jan 2008 11:59:48 -0800 (PST) Received: by 10.115.58.2 with HTTP; Tue, 22 Jan 2008 11:59:48 -0800 (PST) Message-ID: <2379dacc0801221159pfa2f3edh44c0b9c4ea6477ba@mail.gmail.com> Date: Tue, 22 Jan 2008 20:00:00 -0000 From: "Michael Potter" To: gdb@sourceware.org Subject: unable to attach to setuid program that as reverted it privilege MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-IsSubscribed: yes Mailing-List: contact gdb-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-owner@sourceware.org X-SW-Source: 2008-01/txt/msg00224.txt.bz2 Gdb Crew, I get this error when attaching to a setuid program that has _given_up_ its root privilege setuid(getuid()): --------------------- x~> gdb -p 19484 GNU gdb 6.5 Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i586-suse-linux". Attaching to process 19484 ptrace: Operation not permitted. <<<<<================= -------------------- I will speculate that the logic behind that is even tho the program does not have root privilege now, it could have something in left over in memory from when it did have root privilege. I think this is a good default behavior, but I am hopeful that some clever programmer has found a way to change their program such that gdb can attach to it. My program _only_ uses root privilege to be able to be able to do a oneway switch to a non-privileged user. I believe that any hole I am opening up is much smaller than my next alternative which is to allow the programmers to run gdb as root so they can attach to the program. Suggestions on alternatives such as a way to switch users without root privileges are welcome. Thanks, For those of you who may want to reproduce this feature here are some cut and paste ready instructions: 1) mkdir -p tmp/setuidtest;cd tmp/setuidtest 2) vim iamsetuidroot.c # paste in the following: #include #include int main(int arc, char *argv[]) { if (geteuid() != 0) { printf("this program must be run setuid root, not %d\n", geteuid()); exit(1); } if (getuid() == 0) { printf("this program must not be run as root\n"); exit(1); } setuid(getuid()); if (!setuid(0)) { /* we want setuid to fail to be able to return to root */ printf("this program was able to revert to root\n"); exit(1); } printf("before the sleep %d\n", getpid()); sleep(60); printf("after the sleep\n"); exit(0); } 3) cc -o iamsetuidroot iamsetuidroot.c 4) sudo chown root iamsetuidroot 5) sudo chmod u+s iamsetuidroot 6) ./iamsetuidroot # observe pid in output. 7) gdb -p $thePid # in another window