Re: ptrace and setuid problem

From: Tom Horsley
Date: Sun Mar 06 2005 - 07:55:33 EST


Andreas Schwab wrote:

Tom Horsley <tomhorsley@xxxxxxxxxxxx> writes:



If I exec a setuid program under ptrace, I can read the image via
PEEKDATA requests.



Only CAP_SYS_PTRACE capable processes get suid/sgid semantics under
ptrace, or can attach to a privileged processes.

Andreas.



I realize the program under ptrace is no longer running setuid, but it is still running,
and the debugger can examine the process memory. With most setuid programs
being installed execute-only with no read access, isn't it a security problem that
I can get read access anyway (at least to the parts of the file that are in LOAD
segments)?

(Although I do notice that my suse 9.2 system has /usr/bin/sudo installed readable -
it is only my fedora core 3 system that has it execute only - just to pick a sample
setuid program).

Maybe setuid shouldn't even be the question, maybe the issue should be that
ptrace can read parts of program files that have no read access.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/