This is the mail archive of the gdb@sourceware.org mailing list for the GDB project.



Re: unable to attach to setuid program that has reverted its privilege


On Tue, Jan 22, 2008 at 01:59:48PM -0600, Michael Potter wrote:
> I will speculate that the logic behind that is even though the program
> does not have root privilege now, it could have something left over
> in memory from when it did have root privilege.  I think this is a

Correct.  For instance, it could have an open file descriptor to a
root-owned file or a privileged network socket.  There's lots of
things you can inherit.

> good default behavior, but I am hopeful that some clever programmer
> has found a way to change their program such that gdb can attach to
> it.

It has nothing to do with the program; this is part of your kernel's
security model.  Sorry.  I believe it's pretty much universal behavior
across Unix-like systems.

> Suggestions on alternatives such as a way to switch users without root
> privileges are welcome.

Allow "sudo -u otheruser ./nonsetuid-copy-of-program" ?

-- 
Daniel Jacobowitz
CodeSourcery
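
The point in the reply about inherited descriptors, as an added C illustration (not part of the original message, and not GDB or kernel code): permissions are checked when a file is opened, so a descriptor obtained while access was allowed keeps working after access is taken away. Here `chmod` stands in for the privilege drop; the temp-file path, struct and function names are constructed for the demo.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Constructed demo: names and the temp-file path are illustrative. */
struct fd_demo {
    int old_fd_read_ok;  /* descriptor opened earlier still reads */
    int reopen_denied;   /* fresh open() of the same path gets EACCES */
};

/* Open a file while access is allowed, revoke access (a stand-in for
 * dropping privilege), then compare the old descriptor with a new open(). */
int run_fd_demo(struct fd_demo *out)
{
    char path[] = "/tmp/fd-demo-XXXXXX";
    const char secret[] = "constructed-secret";
    char buf[sizeof secret] = {0};
    memset(out, 0, sizeof *out);
    int fd = mkstemp(path);              /* created 0600, opened read/write */
    if (fd < 0)
        return -1;
    if (write(fd, secret, sizeof secret) != (ssize_t)sizeof secret ||
        lseek(fd, 0, SEEK_SET) != 0 ||
        chmod(path, 0) != 0) {           /* access revoked after the open */
        close(fd); unlink(path);
        return -1;
    }
    int again = open(path, O_RDONLY);    /* re-checked: denied unless root */
    if (again < 0 && errno == EACCES)
        out->reopen_denied = 1;
    else if (again >= 0)
        close(again);
    /* read() does no permission check, so the old descriptor still works. */
    if (read(fd, buf, sizeof buf) == (ssize_t)sizeof buf &&
        memcmp(buf, secret, sizeof secret) == 0)
        out->old_fd_read_ok = 1;
    close(fd); unlink(path);
    return 0;
}
int main(void)
{
    struct fd_demo r;
    if (run_fd_demo(&r) != 0) return 1;
    printf("old fd still readable: %d, fresh open denied: %d\n",
           r.old_fd_read_ok, r.reopen_denied);
    return 0;
}
```

When run as root the fresh `open()` is not denied, because root bypasses file mode checks; the read through the old descriptor succeeds either way.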

