Re: strace security <feature>

Ben Collins (bcollins@debian.org)
Wed, 29 Dec 1999 21:20:22 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dan Hollis: "Re: Unexecutable Stack / Buffer Overflow Exploits..."
Previous message: Horst von Brand: "Re: Unexecutable Stack / Buffer Overflow Exploits..."
In reply to: Horst von Brand: "Re: strace security <feature>"

On Wed, Dec 29, 1999 at 10:53:12PM -0300, Horst von Brand wrote:
> "Richard B. Johnson" <root@chaos.analogic.com> said:
> > It is possible for an ordinary user to use `strace` (which by default
> > runs SUID-root), to copy a password file to /etc.
>
> Nope. i686 UP, Red Hat 6.1, strace is _not_ SUID. And it doesn't work.

Well, if you are trying to strace a suid program, the kernel will not let
you. THAT is for security.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dan Hollis: "Re: Unexecutable Stack / Buffer Overflow Exploits..."
Previous message: Horst von Brand: "Re: Unexecutable Stack / Buffer Overflow Exploits..."
In reply to: Horst von Brand: "Re: strace security <feature>"