From: "Reynolds, Brandon"
Subject: RE: unable to attach to setuid program that as reverted it privilege
Date: Tue, 15 Apr 2008 01:02:00 -0000
In-reply-to: <20080414134616.GA17924@sdf.lonestar.org>
To: Tavis Ormandy
Cc: pottmi@gmail.com, gdb@sourceware.org
Message-id: <7ADDA4869AFB444695CDD37859452D5773B08F@emss04m21.us.lmco.com>
References: <7ADDA4869AFB444695CDD37859452D5773AED1@emss04m21.us.lmco.com> <20080414134616.GA17924@sdf.lonestar.org>
Mailing-List: contact gdb-help@sourceware.org; run by ezmlm

Tavis,

Obviously there are security risks involved; however, sometimes the choice is between giving users root and allowing them to debug a process with some extended capabilities.

Michael, I agree wholeheartedly with you that it would be good to have some fine grained control over things. I wonder if that is what prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) is supposed to do? See "man 2 prctl" for details.

I can't seem to reproduce results however with either tweaking the proc file or calling prctl(). What kernel are you running?

-Brandon

-----Original Message-----
From: Tavis Ormandy [mailto:taviso@sdf.lonestar.org]
Sent: Monday, April 14, 2008 9:46 AM
To: Reynolds, Brandon
Cc: pottmi@gmail.com; gdb@sourceware.org
Subject: Re: unable to attach to setuid program that as reverted it privilege

On Mon, Apr 14, 2008 at 09:32:34AM -0400, Reynolds, Brandon wrote:
> > This is documented as allowing core files to be created for setuid
> > programs. What I am using it for is to allow gdb run as a non-root
> > user to connect to setuid programs that have _permanently_ given up
> > their root privilege. Without suid_dumpable enabled, gdb will fail
> > with an EPERM error even though the target program is no longer running as
> > root and can not reacquire root privilege (a good default behavior).
>

Consider the suid root ping program, it acquires a SOCK_RAW socket, and then drops privileges. If you were allowed to attach to it after it has dropped privileges, you could wait for it to get the socket, then PTRACE_ATTACH and PTRACE_POKE in your own code, which now has a raw socket that it can use for any purpose it likes. Obviously, this cannot be permitted (I'm sure some operating systems get it wrong though :-)).

Thanks, Tavis.

--
-------------------------------------
taviso@sdf.lonestar.org | finger me for my gpg key.
-------------------------------------------------------
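The per-process dumpable flag Brandon asks about, shown as an added example that is not from this thread or from gdb: a Linux-only C program that permanently drops privileges, verifies root cannot be regained, and inspects and sets the flag that gates unprivileged PTRACE_ATTACH with prctl(). The function names (get_dumpable, set_dumpable, drop_privileges_permanently) are the example's own.

```c
/* Added example (not from the thread): inspect and control the Linux
 * per-process "dumpable" flag that gates ptrace attach and core dumps.
 * Linux-only; the function names here are the example's own. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Current dumpable state: 0 means an unprivileged tracer cannot attach. */
int get_dumpable(void) { return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); }

/* Set the flag; returns 0 on success, -1 with errno set on failure. */
int set_dumpable(int on) { return prctl(PR_SET_DUMPABLE, on ? 1 : 0, 0, 0, 0); }

/* Drop to uid/gid in all three id slots so the change cannot be undone.
 * Returns 0 on success, -1 if any step fails or root can still be regained. */
int drop_privileges_permanently(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1; /* root only */
    if (setresgid(gid, gid, gid) < 0) return -1;
    if (setresuid(uid, uid, uid) < 0) return -1;
    /* A permanent drop means setuid(0) must now fail with EPERM (unless uid is 0). */
    if (uid != 0 && (setuid(0) == 0 || errno != EPERM)) return -1;
    return 0;
}

int main(void) {
    printf("dumpable before drop: %d\n", get_dumpable());
    if (drop_privileges_permanently(getuid(), getgid()) < 0) { perror("drop"); return 1; }
    /* The kernel clears dumpable when a set*uid call actually changes a
     * credential; from then on only root may PTRACE_ATTACH, even though
     * the process itself is now unprivileged. */
    printf("dumpable after drop: %d\n", get_dumpable());
    /* Re-enabling it lets the real-uid owner attach with gdb, but it also
     * exposes anything acquired while privileged (the raw-socket case in
     * the thread), so only do this when no privileged handle is held. */
    if (set_dumpable(1) < 0) { perror("prctl"); return 1; }
    printf("dumpable after re-enable: %d\n", get_dumpable());
    return 0;
}
```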