Re: question about /proc/<PID>/mem in 2.4 (fwd)

From: Tigran Aivazian
Date: Sun Jul 18 2004 - 07:44:03 EST


Hi,

Thank you for your reply, but this one bit still remains utterly unclear
to me:

> Alan has already pointed out a reason why the MAY_PTRACE()
> check was needed:
>
> | Consider what happens if your setuid app reads stdin
> |
> | setuidapp < /proc/self/mem
>
> ...
> See Alan's example I've quoted above. In this scenario, it would be
> the program being attacked which will be checked for possession of the
> capability... if it is SUID root, the attack will succeed.

In the above example there is nothing forbidden and the current state of
things doesn't prevent the program from reading its own address space.

Thus I see absolutely nothing special about the case:

# setuidapp < /proc/self/mem

and this program reading stdin. Maybe I am missing something obvious but I
have 10+ years of Unix systems programming experience and having consulted
some people who have 20+ years of such experience they are also of the
same opinion, i.e. nothing special in the above case.

Could you therefore clarify it, please? Thank you in advance!

Kind regards
Tigran
