Re: strace security <feature>

Peter Benie (pjb1008@cam.ac.uk)
Thu, 30 Dec 1999 12:54:31 +0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andi Kleen: "Re: kernel_thread function"
Previous message: Homme R. Bitter: "Re: Unexecutable Stack / Buffer Overflow Exploits..."
In reply to: George: "Re: [patch] freeing spinlock when UP."

Alan Cox writes ("Re: strace security <feature>"):
> > It is possible for an ordinary user to use `strace` (which by default
> > runs SUID-root), to copy a password file to /etc.
>
> strace is not meant to be installed setuid root.

That's not entirely true - see the 'setuid installation' section of
the manpage. If you've ever needed to trace a setuid program, it's
obvious why this feature exists. The manpage does give a clear
explanation of the security implications, so the 'bug' is still an
installation error.

Peter

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "Re: kernel_thread function"
Previous message: Homme R. Bitter: "Re: Unexecutable Stack / Buffer Overflow Exploits..."
In reply to: George: "Re: [patch] freeing spinlock when UP."