ptrace() fun (Re: CAP_USER_* patch (Was Re: secured logs))

Pavel Kankovsky (peak@kerberos.troja.mff.cuni.cz)
Mon, 13 Jul 1998 17:38:09 +0200 (MET DST)


On Mon, 13 Jul 1998, Alexander Kjeldaas wrote:

[...]
> passing. This is entirely transparent to both the kernel and the
> program - you just have to make the program sgid some random unused
> gid. (If we had a SCM_EXECUTABLE message which sends the filename of
> the executable in a secure manner, we wouldn't even need a setgid
> "hack"). I have this on my todo list ;-).

If the program had no s-bit, nothing could prevent the user from hijacking
the process using ptrace() and exploiting the privilege.

Wait... if the user can't read the exe, he (or she) should not be able to
trace the process. Funny, the kernel does not allow you to attach to an
already running process (ptrace(PTRACE_ATTACH, ...) checks dumpable) but
it lets your traced process exec an unreadable exe and you are still
tracing it!! (Both 2.0.34 & 2.1.108 seem to be affected.)

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"You can't be truly paranoid unless you're sure they have already got you."

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html
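The check described in the message, as an added example that is not part of the original thread: a tracer established with PTRACE_TRACEME, whose tracee then execs a copy of a program with mode 0111 (executable by its owner, readable by nobody). If the tracer still receives the exec-time SIGTRAP stop, it is still tracing a process whose image it could not read. Assumptions: Linux; /bin/true or /usr/bin/true exists; /tmp (or the current directory) permits exec; the program is run as an unprivileged user, since root holds CAP_DAC_OVERRIDE and the file is not unreadable for it. The function and enum names are this example's own.

```c
/* Added example, not from the linux-kernel thread. Probes whether the
 * PTRACE_TRACEME relationship survives the tracee exec'ing an image the
 * tracee itself cannot read. Assumes Linux, a "true" binary, and an
 * exec-capable temp directory; run unprivileged (root can read anything). */
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result {
    PROBE_STILL_TRACED = 0, /* tracer saw the post-exec SIGTRAP stop */
    PROBE_DETACHED     = 1, /* tracee ran to completion, tracer saw no stop */
    PROBE_UNSUPPORTED  = 2  /* ptrace or exec not usable in this environment */
};

/* Locate a harmless target program to copy (assumed paths). */
const char *find_true(void)
{
    static const char *cands[] = { "/bin/true", "/usr/bin/true", NULL };
    for (int i = 0; cands[i]; i++)
        if (access(cands[i], X_OK) == 0) return cands[i];
    return NULL;
}

/* Copy src into a fresh temp file and chmod it 0111: the owner may exec
 * it but nobody may read it. Returns 0 and fills out_path on success. */
int make_unreadable_copy(const char *src, char *out_path, size_t out_len)
{
    static const char *templates[] = { "/tmp/unreadable-exe-XXXXXX",
                                       "./unreadable-exe-XXXXXX", NULL };
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    for (int i = 0; templates[i]; i++) {
        char tmpl[64];
        snprintf(tmpl, sizeof tmpl, "%s", templates[i]);
        int out = mkstemp(tmpl);
        if (out < 0) continue;
        char buf[65536];
        ssize_t n;
        lseek(in, 0, SEEK_SET);
        while ((n = read(in, buf, sizeof buf)) > 0)
            if (write(out, buf, (size_t)n) != n) { n = -1; break; }
        if (n < 0 || fchmod(out, 0111) < 0) { close(out); unlink(tmpl); continue; }
        close(out);
        close(in);
        snprintf(out_path, out_len, "%s", tmpl);
        return 0;
    }
    close(in);
    return -1;
}

/* Fork a child that asks to be traced, then execs path. The parent reports
 * whether it still receives the SIGTRAP stop the kernel delivers after a
 * traced exec (legacy behaviour, no PTRACE_O_TRACEEXEC needed). */
enum probe_result trace_through_exec(const char *path)
{
    pid_t pid = fork();
    if (pid < 0) return PROBE_UNSUPPORTED;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(77); /* ptrace denied */
        execl(path, path, (char *)NULL);
        _exit(126);                                                /* exec failed */
    }
    enum probe_result res = PROBE_UNSUPPORTED;
    int status;
    for (;;) {
        if (waitpid(pid, &status, 0) < 0) break;
        if (WIFSTOPPED(status)) {
            if (WSTOPSIG(status) == SIGTRAP) res = PROBE_STILL_TRACED;
            if (ptrace(PTRACE_CONT, pid, NULL, NULL) < 0) { kill(pid, SIGKILL); break; }
            continue;
        }
        if (WIFEXITED(status)) {
            int code = WEXITSTATUS(status);
            if (code == 77 || code == 126) res = PROBE_UNSUPPORTED;
            else if (res != PROBE_STILL_TRACED) res = PROBE_DETACHED;
        }
        break;   /* exited, or killed by a signal (e.g. seccomp SIGSYS) */
    }
    return res;
}

/* Build the unreadable target, run the probe, clean up. */
enum probe_result run_probe(void)
{
    char path[64];
    const char *t = find_true();
    if (!t || make_unreadable_copy(t, path, sizeof path) < 0) return PROBE_UNSUPPORTED;
    enum probe_result r = trace_through_exec(path);
    unlink(path);
    return r;
}

int main(void)
{
    static const char *names[] = { "still traced after exec of unreadable image",
                                   "tracer detached at exec", "probe not supported here" };
    printf("%s\n", names[run_probe()]);
    return 0;
}
```

Run it as an ordinary user: PROBE_STILL_TRACED is the outcome the message describes, a tracer that keeps control across an exec of an image the tracee could not read. Current kernels address the privilege side differently: when a process execs a set-uid or set-gid file while traced by a tracer without CAP_SYS_PTRACE, the new credentials are not applied, so staying attached no longer buys the tracer a privilege it did not already have.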