From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 32416 invoked by alias); 23 Jan 2008 18:48:52 -0000 Received: (qmail 32408 invoked by uid 22791); 23 Jan 2008 18:48:52 -0000 X-Spam-Check-By: sourceware.org Received: from hs-out-0708.google.com (HELO hs-out-2122.google.com) (64.233.178.240) by sourceware.org (qpsmtpd/0.31) with ESMTP; Wed, 23 Jan 2008 18:48:29 +0000 Received: by hs-out-2122.google.com with SMTP id 4so1643211hsl.8 for ; Wed, 23 Jan 2008 10:48:27 -0800 (PST) Received: by 10.114.120.1 with SMTP id s1mr8769152wac.107.1201114106723; Wed, 23 Jan 2008 10:48:26 -0800 (PST) Received: by 10.115.58.2 with HTTP; Wed, 23 Jan 2008 10:48:26 -0800 (PST) Message-ID: <2379dacc0801231048l655f3463y748a41c7a4ab8b49@mail.gmail.com> Date: Wed, 23 Jan 2008 18:48:00 -0000 From: "Michael Potter" To: "Mark Kettenis" Subject: Re: unable to attach to setuid program that as reverted it privilege Cc: gdb@sourceware.org In-Reply-To: <200801231752.m0NHqQPh001359@brahms.sibelius.xs4all.nl> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <2379dacc0801221159pfa2f3edh44c0b9c4ea6477ba@mail.gmail.com> <200801231752.m0NHqQPh001359@brahms.sibelius.xs4all.nl> X-IsSubscribed: yes Mailing-List: contact gdb-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-owner@sourceware.org X-SW-Source: 2008-01/txt/msg00237.txt.bz2 On Jan 23, 2008 11:52 AM, Mark Kettenis wrote: > > Date: Tue, 22 Jan 2008 13:59:48 -0600 > > From: "Michael Potter" > > > > Gdb Crew, > > > > I get this error when attaching to a setuid program that has > > _given_up_ its root privilege setuid(getuid()): > > > > --------------------- > > x~> gdb -p 19484 > > GNU gdb 6.5 > > Copyright (C) 2006 Free Software Foundation, Inc. > > GDB is free software, covered by the GNU General Public License, and > > you are > > welcome to change it and/or distribute copies of it under certain > > conditions. > > Type "show copying" to see the conditions. > > There is absolutely no warranty for GDB. Type "show warranty" for > > details. > > This GDB was configured as "i586-suse-linux". > > Attaching to process 19484 > > ptrace: Operation not permitted. <<<<<================= > > This is the only acceptable behaviour. The program might have dropped > root priviliges but it might still hold resources acquired when it > still had those priviliges and you might be able to exploit those. > > You should be able to attach to the process as root. If not, complain > to the Linux kernel people. > > You are my point for me. I really really really do not want to give me programmers the ability to run the debugger as root. I think disallowing the attach is the only acceptable _default_ behavior; but I think I should be able to override that default when I am confident that my program does not hold any privileged resources. I will post to a Linux kernel list in a couple of days. I posted here because I felt that I was likely to find someone who had the same problem in this group. If I have to allow the programmers to run the debugger as root I will have to wrap it in a script that will prevent them from attaching to any other process than the ones that I can programmaticaly identify as ok. Is there any option on gcc that will disable gcc commands that might be used to attach to other processes once they have started gcc as root? Thanks all for your thoughtful replies. -- Michael Potter