This is the mail archive of the gdb@sourceware.org mailing list for the GDB project.
Re: unable to attach to setuid program that as reverted it privilege
- From: Daniel Jacobowitz <drow at false dot org>
- To: Michael Potter <pottmi at gmail dot com>
- Cc: gdb at sourceware dot org
- Date: Tue, 22 Jan 2008 15:08:56 -0500
- Subject: Re: unable to attach to setuid program that as reverted it privilege
- References: <2379dacc0801221159pfa2f3edh44c0b9c4ea6477ba@mail.gmail.com>

On Tue, Jan 22, 2008 at 01:59:48PM -0600, Michael Potter wrote:
> I will speculate that the logic behind that is even though the program
> does not have root privilege now, it could have something left over
> in memory from when it did have root privilege. I think this is a

Correct. For instance, it could have an open file descriptor to a
root-owned file or a privileged network socket. There's lots of
things you can inherit.

> good default behavior, but I am hopeful that some clever programmer
> has found a way to change their program such that gdb can attach to
> it.

It has nothing to do with the program; this is part of your kernel's
security model. Sorry. I believe it's pretty much universal behavior
across Unix-like systems.

> Suggestions on alternatives such as a way to switch users without root
> privileges are welcome.

Allow "sudo -u otheruser ./nonsetuid-copy-of-program" ?

--
Daniel Jacobowitz
CodeSourcery