This is the mail archive of the gdb@sources.redhat.com mailing list for the GDB project.



Re: gdb and suid binaries - security?



To attach to a process, the kernel requires you have appropriate 
permissions.

Starting program: /bin/su
/bin/su: Operation not permitted.

This is the same with strace:

strace `which su`
execve("/bin/su", ["/bin/su"], [/* 60 vars */]) = 0
strace: exec: Operation not permitted

It's basically a hole that's been closed by the OS.

Kris Warkentin wrote:

>Is it true that if gdb is debugging a suid binary then any calls they make
>from the debugger are executed as that user?  Couldn't one then execute
>arbitrary instructions as root if you debugged something like su?  Or even
>worse, just call setuid(0) and let the program run to completion.
>
>Oddly enough I've noticed that this actually fails on both FreeBSD and Linux
>but it almost seems to be some mechanism outside of gdb.  Does anyone know
>how this works?
>
>cheers,
>
>Kris
>



