This is the mail archive of the gdb@sourceware.org mailing list for the GDB project.
Re: unable to attach to setuid program that as reverted it privilege
- From: Tavis Ormandy <taviso at sdf dot lonestar dot org>
- To: "Reynolds, Brandon" <brandon dot reynolds at lmco dot com>
- Cc: pottmi at gmail dot com, gdb at sourceware dot org
- Date: Mon, 14 Apr 2008 13:46:17 +0000
- Subject: Re: unable to attach to setuid program that as reverted it privilege
- References: <7ADDA4869AFB444695CDD37859452D5773AED1@emss04m21.us.lmco.com>
On Mon, Apr 14, 2008 at 09:32:34AM -0400, Reynolds, Brandon wrote:
> > This is documented as allowing core files to be created for setuid
> > programs. What I am using it for is to allow gdb run as a non-root
> > user to connect to setuid programs that have _permanently_ given up
> > their root privilege. Without suid_dumpable enabled, gdb will fail
> > with an EPERM error even though the target program is no longer running as
> > root and can not reacquire root privilege ( a good default behavior ).
>
Consider the suid root ping program, it acquires a SOCK_RAW socket, and
then drops privileges. If you were allowed to attach to it after it has
dropped privileges, you could wait for it to get the socket, then
PTRACE_ATTACH and PTRACE_POKE in your own code, which now has a raw
socket that it can use for any purpose it likes.
Obviously, this cannot be permitted (I'm sure some operating systems get
it wrong though :-)).
Thanks, Tavis.
--
-------------------------------------
taviso@sdf.lonestar.org | finger me for my gpg key.
-------------------------------------------------------
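
The kernel check behind the EPERM discussed in this thread, as an added example that is not part of the original messages: Linux refuses PTRACE_ATTACH from an unprivileged tracer when the target's dumpable flag is 0, which is the state a set-user-ID program is left in when suid_dumpable is 0. The child below sets the flag itself with prctl(PR_SET_DUMPABLE) as a stand-in for a real setuid binary; the function name attach_errno is hypothetical.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that sets its dumpable flag to `dumpable`, then try to attach.
 * Returns 0 if the attach worked, the errno if refused, -1 on setup failure.
 * *flag_seen receives the child's PR_GET_DUMPABLE value. */
int attach_errno(int dumpable, int *flag_seen)
{
    int ready[2], result = -1;
    char flag = 0;
    pid_t pid;
    if (pipe(ready) != 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {                        /* child: stands in for the target */
        prctl(PR_SET_DUMPABLE, dumpable, 0, 0, 0);
        flag = (char)prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
        if (write(ready[1], &flag, 1) != 1)
            _exit(1);
        for (;;)
            pause();
    }
    close(ready[1]);
    if (read(ready[0], &flag, 1) == 1) {   /* child has set its flag */
        *flag_seen = flag;
        if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == 0) {
            waitpid(pid, NULL, 0);         /* wait for the attach stop */
            ptrace(PTRACE_DETACH, pid, NULL, NULL);
            result = 0;
        } else {
            result = errno;                /* EPERM for a non-dumpable target */
        }
    }
    close(ready[0]);
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return result;
}

int main(void)
{
    int flag = -1, err = attach_errno(0, &flag);
    printf("dumpable=%d attach errno=%d\n", flag, err);
    return 0;
}
```

A tracer holding CAP_SYS_PTRACE is exempt from the dumpable check, so the refusal only shows when this is run without that capability.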