Re: Minor PTRACE security bug

Ian Collier (imc@comlab.ox.ac.uk)
Wed, 16 Sep 1998 15:48:31 +0100 (BST)


On Tue, 15 Sep 1998 19:10:03 +0100 (GMT), Chris Evans said:
> > ---x--x--x 1 andi users 8576 Sep 14 21:45 foobar
> > You can not debug it, but 'strace' works, which should not, IMHO.

> I noted this "security" problem a while back. I believe I was told the
> behaviour you see is pretty much standard UNIX behaviour.

FWIW...

solaris$ ls -l hello
---x--x--x 1 imc 5172 Sep 16 14:48 hello
solaris$ truss ./hello
truss: cannot trace set-id or unreadable object file: ./hello
solaris$ ./hello &
[5] 2970
hello
solaris$ truss -p 2970
truss: cannot control process 2970
solaris$ ls -l /proc/2970
-rw------- 1 imc 696320 Sep 16 15:42 /proc/2970
solaris$ cat /proc/2970
cat: cannot open /proc/2970
solaris$ kill -ABRT 2970
[5]+ Abort (core dumped) ./hello
solaris$ ls -l core
-rw-r--r-- 1 imc 63272 Sep 16 15:42 core
solaris$ LD_PRELOAD="/tmp/libc.so.1 /usr/lib/libc.so.1" ./hello
Gotcha!
hello

imc
