Date: Mon, 14 Apr 2008 13:46:00 -0000
From: "Reynolds, Brandon"
Subject: Re: unable to attach to setuid program that as reverted it privilege
To: pottmi@gmail.com
Cc: gdb@sourceware.org
Message-id: <7ADDA4869AFB444695CDD37859452D5773AED1@emss04m21.us.lmco.com>
Mailing-List: contact gdb-help@sourceware.org; run by ezmlm
X-SW-Source: 2008-04/txt/msg00113.txt.bz2

I can't seem to get this to work.
I have a setuid executable with the following code:

-----------------------------------------------------------------------------
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/capability.h>   /* libcap: link with -lcap */
/* p: struct passwd * of the invoking user (getpwuid(getuid())); cap: cap_t */

/* keep root capabilities as we transition to the regular user */
prctl( PR_SET_KEEPCAPS, 1, 0, 0, 0 );
/* switch back to user that ran us; group first, because the effective
 * capability set is cleared as soon as the uid becomes non-zero */
if (setgid( p->pw_gid ) < 0 || setuid( p->pw_uid ) < 0) {
    perror( "setgid/setuid: failed to drop privs, aborting" );
    exit( 1 );
}
/* drop all privs except CAP_SYS_NICE */
if (cap_set_proc((cap = cap_from_text( "CAP_SYS_NICE+pe" ))) < 0) {
    perror( "cap_set_proc: failed to drop privs, aborting" );
    exit( 1 );
}
cap_free(cap);
-----------------------------------------------------------------------------

> cat /proc/sys/kernel/suid_dumpable
2
> uname -a
Linux sgi2 2.6.16.46-0.12-default #1 SMP Thu May 17 14:00:09 UTC 2007 ia64 ia64 ia64 GNU/Linux

FYI, the man 5 proc says:

    /proc/sys/fs/suid_dumpable (since Linux 2.6.13)
        The value in this file determines whether core dump files are
        produced for set-user-ID or otherwise protected/tainted binaries.
        Three different integer values can be specified:

        0 (default)
            This provides the traditional (pre-Linux 2.6.13) behaviour. A
            core dump will not be produced for a process which has changed
            credentials (by calling seteuid(2), setgid(2), or similar, or
            by executing a set-user-ID or set-group-ID program) or whose
            binary does not have read permission enabled.

        1 ("debug")
            All processes dump core when possible. The core dump is owned
            by the file system user ID of the dumping process and no
            security is applied. This is intended for system debugging
            situations only. Ptrace is unchecked.

        2 ("suidsafe")
            Any binary which normally would not be dumped (see "0" above)
            is dumped readable by root only. This allows the user to remove
            the core dump file but not to read it. For security reasons
            core dumps in this mode will not overwrite one another or other
            files. This mode is appropriate when administrators are
            attempting to debug problems in a normal environment.
> This is documented as allowing core files to be created for setuid
> programs. What I am using it for is to allow gdb run as a non-root
> user to connect to setuid programs that have _permanently_ given up
> their root privilege. Without suid_dumpable enabled, gdb will fail
> with an EPERM error even though the target program is no longer running as
> root and can not reacquire root privilege ( a good default behavior ).

What did you mean by "_permanently_"?

-Brandon