Mirror of the gdb mailing list
From: "Michael Potter" <pottmi@gmail.com>
To: "Reynolds, Brandon" <brandon.reynolds@lmco.com>
Cc: "Tavis Ormandy" <taviso@sdf.lonestar.org>, gdb@sourceware.org
Subject: Re: unable to attach to setuid program that as reverted it privilege
Date: Tue, 15 Apr 2008 01:24:00 -0000
Message-ID: <2379dacc0804140945k59f1aa9ase110fae6c154ece6@mail.gmail.com>
In-Reply-To: <7ADDA4869AFB444695CDD37859452D5773B08F@emss04m21.us.lmco.com>

On Mon, Apr 14, 2008 at 11:28 AM, Reynolds, Brandon
<brandon.reynolds@lmco.com> wrote:
> Tavis,
>
>  Obviously there are security risks involved; however, sometimes the
>  choice is between giving users root and allowing them to debug a process
>  with some extended capabilities.
>
>  Michael,
>
>  I agree wholeheartedly with you that it would be good to have some fine
>  grained control over things.  I wonder if that is what
>  prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) is supposed to do?  See "man 2 prctl"
>  for details.
>
>  I can't seem to reproduce results however with either tweaking the proc
>  file or calling prctl().  What kernel are you running?
>

I am using whatever kernel is default with opensuse 10.3.  Sorry, I
am not at my suse box right now to give you a definite answer.

I played with prctl some time ago to fix a similar problem.  I did not
have any luck.  I kept running into people telling me that I should
not do that because it is a security hole.

If I recall correctly (and this was a couple of years ago), I looked
at the kernel source for pattach and found that the EPERM error was
output regardless of the process control or capability settings.  My
conclusion at that time was that it was not implemented.

-- 
Michael Potter
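
The "dumpable" flag that prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) controls, as an added example that is not part of the original message or of gdb: it reads and sets the flag, then forks a child with a chosen flag value and tries PTRACE_ATTACH on it, which is the call gdb makes when attaching. It assumes Linux; the function names are hypothetical, and per prctl(2) an unprivileged tracer gets EPERM for a non-dumpable process while root or CAP_SYS_PTRACE is still allowed to attach.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Current "dumpable" flag of the calling process, or -1 on error. */
int get_dumpable(void) { return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); }

/* Set the flag, then return the value the kernel reports afterwards. */
int set_dumpable(int v) {
    if (prctl(PR_SET_DUMPABLE, v, 0, 0, 0) != 0) return -1;
    return get_dumpable();
}

/* Fork a child that sets its own flag to child_flag, then PTRACE_ATTACH to it.
 * Returns 0 if the attach succeeded, otherwise the errno from ptrace(). */
int try_attach(int child_flag) {
    int fds[2], err = 0;
    char ready;
    if (pipe(fds) != 0) return errno;
    pid_t pid = fork();
    if (pid < 0) { err = errno; close(fds[0]); close(fds[1]); return err; }
    if (pid == 0) {                          /* child: set flag, signal, wait */
        close(fds[0]);
        prctl(PR_SET_DUMPABLE, child_flag, 0, 0, 0);
        if (write(fds[1], "r", 1) != 1) _exit(1);
        for (;;) pause();
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &ready, 1);     /* wait until the flag is set */
    (void)n;
    close(fds[0]);
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == 0) {
        waitpid(pid, NULL, 0);               /* child stops once attached */
        ptrace(PTRACE_DETACH, pid, NULL, NULL);
    } else {
        err = errno;
    }
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return err;
}

int main(void) {
    printf("dumpable at start: %d\n", get_dumpable());
    printf("attach errno, child dumpable=1: %d\n", try_attach(1));
    printf("attach errno, child dumpable=0: %d\n", try_attach(0));
}
```

The kernel also resets the flag to the value in /proc/sys/fs/suid_dumpable when a process changes its effective user or group ID, so a setuid program that wants to be attachable has to set it again after dropping privileges.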

