Re: Minor PTRACE security bug

Jeremy Fitzhardinge (jsgf@sirius.com)
Tue, 15 Sep 1998 11:24:42 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Paul Rusty Russell: "Re: ipchains blocks from SOCK_RAW?"
Previous message: Henrik Olsen: "Re: Deleted files recovery"
Next in thread: David Whysong: "Re: Lots of kernel oopses in pre-2.1.122-2 (CPU not overclocked)"
Reply: David Whysong: "Re: Lots of kernel oopses in pre-2.1.122-2 (CPU not overclocked)"

On 15-Sep-98 Martin Mares wrote:
>> Maybe LD_PRELOAD should also not be permitted if you have not got read
>> permission to the file you are executing? There could quite easily be
>> something more revealing that you can do with this -- eg, copy the entire
>> memory space of the program to a file.
>
> Does it really make sense to protect sensitive data by making them
> executable,
> but not readable? It violates the basic "process running with euid equal to
> my
> euid -> I can do everything with it" rule and thus there are zillions of ways
> how to access such process's address space (ptrace, LD_PRELOAD, /proc ...).

It's one of those old, traditional Unix rules: if you can't read the binary's
file, you can't read the binary in memory. That was before the days of shared
libraries, /proc, threads and so on, but ptrace enforced it. On the other
hand, you could still steal the address space by making it dump core, but you
couldn't copy the contents of the executable. It's a simple copy-protection
measure, and probably not all that valuable these days.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Rusty Russell: "Re: ipchains blocks from SOCK_RAW?"
Previous message: Henrik Olsen: "Re: Deleted files recovery"
Next in thread: David Whysong: "Re: Lots of kernel oopses in pre-2.1.122-2 (CPU not overclocked)"
Reply: David Whysong: "Re: Lots of kernel oopses in pre-2.1.122-2 (CPU not overclocked)"